Advanced persistent threat (APT) attacks targeting a former zero-day remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances have been detected by the US Cybersecurity and Infrastructure Security Agency (CISA).
The vulnerability, according to a CISA alert, was used to plant the Seaspy and Whirlpool backdoor malware payloads on the compromised devices.
Seaspy is a known, persistent, and passive Barracuda backdoor that masquerades as a legitimate Barracuda service, "BarracudaMailService", and allows the threat actors to execute arbitrary commands on the ESG appliance. Whirlpool is a newly observed backdoor that the attackers used to establish a Transport Layer Security (TLS) reverse shell to their command-and-control (C2) server.
"CISA obtained four malware samples — including Seaspy and Whirlpool backdoors," the CISA alert said. "The device was compromised by threat actors exploiting the Barracuda ESG vulnerability."
Tracked as CVE-2023-2868, the vulnerability allows remote command execution on ESG appliances running versions 5.1.3.001 to 9.2.0.006.
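The affected range above is the one practical check a defender can run against an appliance inventory. The following is an added example, not code from the article, CISA or Barracuda; it compares ESG firmware versions as integer components rather than as strings (a plain string comparison would wrongly treat "9.10.0.001" as older than "9.2.0.006") and flags inventory entries that fall inside the CVE-2023-2868 range. The inventory list is constructed sample data, and the hostnames in it are hypothetical.

```python
# Added example: triage an ESG appliance inventory against the CVE-2023-2868
# affected range quoted in the article (5.1.3.001 through 9.2.0.006, inclusive).
# Not the article's, CISA's, or Barracuda's code; hostnames below are made up.

FIRST_AFFECTED = "5.1.3.001"
LAST_AFFECTED = "9.2.0.006"


def parse_version(version: str, width: int = 4) -> tuple[int, ...]:
    """Turn a dotted ESG version such as '9.2.0.006' into a tuple of ints.

    Components are compared numerically so that 9.10.x sorts after 9.2.x,
    which a naive string comparison gets wrong. Shorter strings are padded
    with zeros so '9.2' and '9.2.0.000' compare equal.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed ESG version string: {version!r}")
    if len(parts) > width:
        raise ValueError(f"too many components in version: {version!r}")
    nums = [int(p) for p in parts]
    nums.extend([0] * (width - len(nums)))
    return tuple(nums)


def is_affected(version: str) -> bool:
    """True if the version lies in the inclusive CVE-2023-2868 range."""
    v = parse_version(version)
    return parse_version(FIRST_AFFECTED) <= v <= parse_version(LAST_AFFECTED)


def triage_inventory(inventory: list[dict]) -> list[str]:
    """Return hostnames whose ESG version is inside the affected range.

    Entries with an unparseable version are reported too, because an
    appliance you cannot classify should be treated as suspect, not ignored.
    """
    flagged = []
    for item in inventory:
        try:
            if is_affected(item["version"]):
                flagged.append(item["host"])
        except ValueError:
            flagged.append(item["host"])
    return flagged


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    {"host": "esg-dc1.example.test", "version": "9.2.0.006"},   # last affected
    {"host": "esg-dc2.example.test", "version": "9.2.0.007"},   # just past range
    {"host": "esg-lab.example.test", "version": "5.1.3.000"},   # just before range
    {"host": "esg-old.example.test", "version": "5.1.3.001"},   # first affected
    {"host": "esg-new.example.test", "version": "9.10.0.001"},  # string compare trap
    {"host": "esg-unk.example.test", "version": "unknown"},     # cannot classify
]


if __name__ == "__main__":
    for host in triage_inventory(SAMPLE_INVENTORY):
        print(f"review: {host}")
```

The version check only tells you whether an appliance was exposed; it says nothing about whether it was exploited, so hosts it flags are candidates for the compromise indicators in the CISA alert rather than a clean bill of health.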
A long list of Barracuda backdoors