Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability.

"Impacted ESG appliances must be immediately replaced regardless of patch version level," the company warned in a Tuesday update to the initial advisory.

"Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."

According to Barracuda, affected customers have already been notified through breached ESGs' user interface. Customers who haven't yet replaced their devices are urged to contact support urgently via email.

The warning comes after the critical Barracuda ESG remote command injection flaw, tracked as CVE-2023-2868, was patched remotely on May 20; one day later, the attackers' access to the compromised appliances was cut off by deploying a dedicated script.

On May 24, Barracuda warned customers that their ESG appliances might have been breached via the CVE-2023-2868 bug and advised them to investigate their environments for signs of intrusion.

A Barracuda spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for additional details on why a full ESG replacement is required.

Exploited since at least October 2022

Before being patched, the Barracuda ESG bug was exploited as a zero-day for at least seven months to backdoor customers' ESG appliances with custom malware and steal data, as the company revealed one week ago.

It was first used in October 2022 to breach "a subset of ESG appliances" and install malware that provided the attackers with persistent access to the compromised devices.

They deployed Saltwater and SeaSpy malware to backdoor the infected appliances and a malicious tool dubbed SeaSide to establish reverse shells for easy remote access via SMTP HELO/EHLO commands.

Subsequently, the threat actors took advantage of their access to steal information from the backdoored appliances.

CISA also added the CVE-2023-2868 vulnerability to its catalog of bugs exploited in attacks, warning federal agencies with ESG appliances to check their networks for evidence of breaches.

Barracuda says its products are used by over 200,000 organizations, including high-profile companies like Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz.
