Advanced persistent threat (APT) attacks targeting a former zero-day remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances have been detected by the US Cybersecurity and Infrastructure Security Agency (CISA).
The vulnerability, according to a CISA alert, was used to plant the Seaspy and Whirlpool backdoor malware on the compromised devices.
While Seaspy is a known, persistent, and passive Barracuda backdoor masquerading as the legitimate Barracuda service "BarracudaMailService", which lets the threat actors execute arbitrary commands on the ESG appliance, Whirlpool is a new backdoor used by attackers to establish a Transport Layer Security (TLS) reverse shell to the command-and-control (C2) server.
"CISA obtained four malware samples, including Seaspy and Whirlpool backdoors," the CISA alert said. "The system was compromised by threat actors exploiting the Barracuda ESG vulnerability."
Tracked as CVE-2023-2868, the vulnerability allows remote command execution on ESG appliances running versions 5.1.3.001 to 9.2.0.006.
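The affected version range is the one actionable fact a defender can check immediately. The following script is an added example (not code from the article, CISA, or Barracuda) that parses ESG version strings numerically, so that a field such as "006" compares as 6 rather than as text, and triages a constructed inventory against the inclusive range 5.1.3.001 to 9.2.0.006 stated above. The hostnames and versions in the sample inventory are made up for the example.

```python
import re

# Affected range for CVE-2023-2868 as stated in the article (treated as inclusive).
AFFECTED_MIN = "5.1.3.001"
AFFECTED_MAX = "9.2.0.006"


def parse_version(text):
    """Parse a dotted ESG version such as '9.2.0.006' into a tuple of ints.

    Numeric comparison is essential: as strings, '9.2.0.010' < '9.2.0.006'
    would be false but '9.2.0.10' < '9.2.0.6' would be true. Raises
    ValueError on anything that is not four dotted numeric fields.
    """
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised ESG version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version falls inside the affected range (both bounds included)."""
    lo = parse_version(AFFECTED_MIN)
    hi = parse_version(AFFECTED_MAX)
    return lo <= parse_version(version) <= hi


def triage_inventory(inventory):
    """Map each (hostname, version) pair to 'affected', 'not_in_range' or 'unknown_version'.

    Unparseable versions are reported rather than silently skipped, because an
    appliance whose version cannot be read still needs a human to look at it.
    """
    result = {}
    for host, ver in inventory:
        try:
            result[host] = "affected" if is_affected(ver) else "not_in_range"
        except ValueError:
            result[host] = "unknown_version"
    return result


# Constructed sample inventory (hypothetical hosts and versions, not from the article).
SAMPLE_INVENTORY = [
    ("esg-01.example.internal", "9.2.0.006"),  # upper bound of the affected range
    ("esg-02.example.internal", "9.2.0.010"),  # numerically above the range
    ("esg-03.example.internal", "5.1.3.001"),  # lower bound of the affected range
    ("esg-04.example.internal", "5.1.2.100"),  # below the range
    ("esg-05.example.internal", "n/a"),        # version could not be collected
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:28s} {status}")
```

A version inside the range establishes exposure, not compromise: an appliance in range needs the vendor's remediation guidance and a review for the backdoors described above, while an appliance outside the range is not proof that it was never attacked.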
A long list of Barracuda malware