
Zero-Day Vulnerability in Barracuda ESG Exploited by Unknown Threat Actors
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
Data protection and network security solution provider Barracuda Networks announced that its Email Security Gateway (ESG) appliances were compromised through a zero-day vulnerability.
Barracuda, a US-based cybersecurity company, is one of the leading email security providers, with customers ranging from medium to large-scale organizations, including Mitsubishi, Carrefour and Tupperware, among others.
In the announcement, the company did not disclose the number of Email Gateway customers affected by the breach, nor any possible impact on its other products and services. “No other Barracuda products, including our SaaS email security services, were subject to this vulnerability,” stated Barracuda.
The vulnerability, discovered on May 19, has been identified as CVE-2023-2868 and was found in a module that performs the initial scan of incoming email attachments. On discovery, the company immediately rolled out security patches in two stages. On May 20, the first security patch was applied to all ESG appliances worldwide, and on May 21, as part of its “containment strategy”, Barracuda applied a second patch to all appliances.
Barracuda’s investigation so far shows that the vulnerability was exploited by unknown threat actors and “resulted in unauthorized access to a subset of email gateway appliances”.
Customers affected by this breach were notified through the company’s ESG appliance of the necessary steps to take. Because the investigation was limited to Barracuda’s ESG product and did not extend to any client’s internal network, the company stated that affected customers should investigate their own networks for any possible impact and take remedial action as necessary.
Barracuda announced that it would continue to monitor the situation. In addition to direct outreach to its customers, information about updates would also be made available through the company’s product status page and Trust Center.

GoldenJackal Silently Targets Middle East & South Asia Government Entities
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
A newly discovered Advanced Persistent Threat (APT) group named ‘GoldenJackal’, believed to be active since 2019, has been stealthily targeting government and diplomatic organizations in the Middle East and South Asia, reports Kaspersky.
The Russian cybersecurity firm has been monitoring the group’s activity since mid-2020 and has observed it targeting a small number of entities in countries including Afghanistan, Azerbaijan, Iran, Iraq, Pakistan and Turkey. This narrow targeting has helped the threat actor remain relatively obscure.
With a primary focus on collecting government secrets and information, GoldenJackal employs a specific set of malware tools to control victims’ devices, steal credentials and users’ web activity information, capture screenshots, access other systems via removable devices, and steal data.
Kaspersky notes that the threat actor has been observed using fake Skype installers and malicious Word documents as attack vectors. The fake Skype installer contains two resources: the JackalControl Trojan and a legitimate Skype for Business standalone installer. The malicious Word document exploits the Microsoft Office Follina vulnerability (CVE-2022-30190) to deliver the malware.
The toolset is built on a specific family of .NET malware, chiefly JackalControl. This primary trojan allows the APT to remotely control the victim’s devices through a supported set of predefined commands; the malware can execute arbitrary programs as well as upload and download files.
Over the years, Kaspersky has discovered different variants of this malware: some are configured to maintain persistence, while others run without infecting the system. Other tools in this malware set deployed by GoldenJackal include JackalSteal, JackalWorm, JackalPerInfo and JackalScreenWatcher.
Based on Kaspersky’s observations, GoldenJackal has no established link to any known threat actor. The closest actor the cybersecurity firm associates it with is ‘Turla’, because both are known to use .NET-based tools and infected WordPress websites as C2. However, Kaspersky’s Giampaolo also states: “Despite these similarities, we assessed with low confidence that there is a connection between GoldenJackal and Turla, since neither of these is unique to either threat actor”.