The recently disclosed vulnerability affecting Barracuda Email Security Gateway (ESG) appliances has been exploited as a zero-day to target government, high-tech and IT organizations, according to Mandiant.
The ESG vulnerability, tracked as CVE-2023-7102, is an arbitrary code execution flaw in Spreadsheet::ParseExcel, an open source Perl library that ESG appliances use to parse Excel email attachments when scanning them for malware.
Attackers can embed malicious code in a specially crafted Excel file and send it as an attachment to the targeted organization.
The malicious code runs without any user interaction as soon as the ESG appliance scans the email, giving the attackers a foothold on the appliance from which to access systems and steal valuable data.
Mandiant, which has helped the vendor investigate the attacks, told SecurityWeek that the China-linked threat actor tracked as UNC4841 was spotted exploiting the zero-day on December 20, but evidence suggests that the campaign started on or about November 30.
The hackers exploited CVE-2023-7102 to deliver new variants of the SeaSpy and SaltWater malware to Barracuda customers.
The Chinese cyberspy group previously exploited a Barracuda ESG vulnerability tracked as CVE-2023-2868 to deliver SeaSpy, SaltWater and SeaSide backdoors, as well as other malware.
This flaw had been exploited as a zero-day for more than half a year before the attacks were discovered and Barracuda released patches.
The threat actor had prepared for remediation efforts, which led the vendor to urge customers to replace compromised appliances outright.
The first round of attacks targeted government, IT, high-tech, telecoms, manufacturing, healthcare, aerospace and defense, and semiconductor organizations across over a dozen countries.
Many of the targeted government organizations were in North America.
Published on www.securityweek.com, Thu, 28 Dec 2023 11:13:04 +0000.