
Barracuda Urges Customers to Replace the Vulnerable ESG Appliances

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Data protection and enterprise security company Barracuda Networks has urged customers affected by the zero-day vulnerability in its Email Security Gateway (ESG) to immediately replace the affected hardware and virtual appliances.

In its June 1 advisory, Barracuda disclosed that the vulnerability was found in a module that performs the initial screening of incoming email attachments. Upon discovery, security patches were issued immediately, along with a script deployed to contain the unauthorized access and counter the attackers' methods.

However, the company then abruptly issued a replacement advisory. The reasons behind the change were not disclosed; it can be assumed that the malware's hold on the now-patched devices runs deep enough that patching alone does not remove it.

"The pivot from patch to total replacement of affected devices is fairly stunning and implies the malware the threat actors deployed somehow achieves persistence at a low enough level that even wiping the device wouldn't eradicate attacker access," noted Rapid7 in its investigation of exploited physical ESG devices.

According to the company's latest report, the flaw (CVE-2023-2868), present in ESG versions 5.1.3.001 through 9.2.0.006, was being exploited as early as October 2022. It allowed threat actors to gain access to a subset of ESG appliances.
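The version range above is the first thing an asset owner checks. The following Python script, added here as an example and not Barracuda's own tooling, parses dotted ESG version strings numerically and triages an inventory against that range; the inventory it runs on is constructed, and the hostnames in it are placeholders.

```python
"""Triage an appliance inventory against the ESG version range the advisory
names for CVE-2023-2868 (5.1.3.001 through 9.2.0.006, inclusive).

Added example for this page, not Barracuda's own tooling. The inventory
below is constructed; hostnames are placeholders.
"""

AFFECTED_LOW = "5.1.3.001"
AFFECTED_HIGH = "9.2.0.006"


def parse_version(version: str) -> tuple:
    """Convert a dotted version such as '9.2.0.006' into a tuple of ints.

    Leading zeros are dropped ('006' -> 6), so the string compares by
    numeric value rather than as text. Raises ValueError on anything that
    is not purely numeric, so callers can treat it as 'unknown'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if version lies inside the affected range (both ends inclusive).

    Tuples compare component by component, so a shorter string such as
    '9.2' sorts before '9.2.0.006' and is still inside the range.
    """
    low, high = parse_version(AFFECTED_LOW), parse_version(AFFECTED_HIGH)
    return low <= parse_version(version) <= high


def triage(inventory) -> dict:
    """Map each appliance name to 'affected', 'not affected' or 'unknown'.

    inventory is an iterable of (name, version_string) pairs, e.g. as
    exported from an asset database. Unparsable versions are reported as
    'unknown' rather than silently skipped, so they still get looked at.
    """
    result = {}
    for name, version in inventory:
        try:
            result[name] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[name] = "unknown"
    return result


# Constructed sample inventory (placeholder hostnames, not real data).
SAMPLE_INVENTORY = [
    ("esg-dc1", "8.0.1.003"),    # inside the range
    ("esg-dc2", "9.2.0.006"),    # upper bound, still inside
    ("esg-lab", "5.1.2.010"),    # below the lower bound
    ("esg-old", "n/a"),          # version not recorded
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```

A version inside the range says the appliance was exposed, nothing more. The page notes that patches were issued to affected units, so the version string alone does not tell you whether a unit is still unpatched, let alone whether it was compromised; that determination comes from the indicators in Barracuda's advisory and from examining the surrounding network, which is what the replacement guidance turns on.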

Several malware components were found during the investigation. Dubbed Seaspy, Saltwater and Seaside, the trojans can establish persistent backdoor access, upload and download files, open a reverse shell, and run commands.

"Evidence of data exfiltration was identified on a subset of impacted appliances," noted the advisory.

The company has yet to confirm the actual number of affected customers, as its investigation is ongoing. Meanwhile, to mitigate risk, Barracuda has announced full replacement of affected devices and urged customers to investigate their network environments and rotate ESG device credentials.


North Korean APT Group Uses Social Engineering Attacks to Gather Intelligence, Cybersecurity Experts Warn

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

On June 7, SentinelOne's researchers disclosed details of a Kimsuky campaign that specifically targets experts on North Korean affairs. "Based on the used malware, infrastructure, and tactics, we assess with high confidence that the campaign has been orchestrated by the Kimsuky threat actor," noted the advisory. The disclosure comes in the wake of a joint warning released by US and South Korean intelligence agencies alerting to Kimsuky's use of spear-phishing and data-exfiltrating malware to illicitly gather targets' data and credentials.

To gather strategic intelligence, the North Korean advanced persistent threat (APT) group has expanded its social engineering tactics to target think tanks, academia, and media experts in the US. Its methods include spoofed URLs, extended email correspondence to build rapport, and the reconnaissance malware ReconShark.

To establish trust and engage with the target, the threat actor impersonated Chad O'Carroll, founder of NK News. SentinelOne's investigation also revealed HTML-formatted phishing emails containing spoofed URLs: links that appear to point to Google Docs actually redirect the user to a malicious website, with the aim of capturing the target's Google credentials.

Kimsuky was also seen sending emails with spoofed URLs that redirect the target to a fake NK News login page, stealing credentials for the NK News subscription service. The site is known for its detailed reporting and expert analysis on North Korea, and access to those reports serves the group's broader intelligence-gathering objective.
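Both the Google Docs lure and the NK News lure rest on the same trick: the visible text of a link shows a trustworthy address while the href carries the attacker's. The following Python checker, added here as an example and not SentinelOne's or the page's own code, parses an HTML message body with the standard library and reports every anchor whose displayed host differs from the host the link actually goes to. The sample message is constructed, and example.invalid stands in for the attacker-controlled host.

```python
"""Flag <a> elements in an HTML e-mail whose visible text shows one host
while the href points at another, the pattern behind the Google Docs and
NK News lures described above.

Added example for this page, not SentinelOne's or the page's own code.
SAMPLE_EMAIL is constructed; example.invalid is a placeholder for the
attacker-controlled host.
"""

from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            # An attribute with no value parses as None; normalise to "".
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s: str):
    """Return the lowercase host if s reads as a URL, else None.

    Link text such as 'Open agenda' is not a URL and must not be treated
    as one, so anything containing whitespace or lacking a dot in its
    first path component is rejected. A scheme is prepended to bare hosts
    ('docs.google.com/...') so urlparse can split out the hostname.
    """
    s = s.strip()
    if not s or any(ch.isspace() for ch in s):
        return None
    if "://" not in s:
        if "." not in s.split("/", 1)[0]:
            return None
        s = "http://" + s
    host = urlparse(s).hostname
    return host.lower() if host else None


def find_spoofed_links(html: str) -> list:
    """Return one finding per anchor whose shown host != actual host."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown, actual = host_of(text), host_of(href)
        # Only compare when both sides parse as URLs; a plain-text label
        # like 'Open agenda' makes no host claim that the href can contradict.
        if shown and actual and shown != actual:
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


# Constructed sample: one spoofed link, one honest link with a text label,
# one honest link whose text and href agree.
SAMPLE_EMAIL = """<html><body>
<p>Please review the draft before our call:</p>
<p><a href="https://example.invalid/accounts/signin">https://docs.google.com/document/d/1AbC/edit</a></p>
<p>Agenda: <a href="https://docs.google.com/document/d/2XyZ/edit">Open agenda</a></p>
<p>Background: <a href="https://www.example.com/report">www.example.com/report</a></p>
</body></html>"""

if __name__ == "__main__":
    for f in find_spoofed_links(SAMPLE_EMAIL):
        print(f"shown {f['shown']} but goes to {f['actual']} ({f['href']})")
```

Exact host comparison also flags a benign mismatch between a bare domain and one of its own subdomains, so a production filter would normally compare registrable domains (which needs a public-suffix list) and feed the result into the mail gateway's scoring rather than block on it alone. It also catches nothing when the lure uses a plain text label, which is why the credential-entry page itself, not just the link, has to be checked.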

A few months ago, German and South Korean intelligence agencies issued an advisory alerting Gmail and AOL users to a Kimsuky campaign aimed at stealing their credentials.

To mitigate the risk of similar attacks, experts recommend that users treat unsolicited correspondence with caution, verify where a link actually leads before entering credentials, and deploy effective security measures.