FBI: Unplug exploited Barracuda ESG appliances now
The FBI has warned Barracuda customers to remove the company's Email Security Gateway (ESG) appliances from operation immediately due to a vulnerability that remains exploitable even after patches were issued. The zero-day attack, discovered in May, was attributed to a previously unknown threat group called UNC4841, suspected of being linked to China. The FBI's Cyber Division stated that all exploited ESG appliances are at risk for continued computer network compromise from suspected PRC (People's Republic of China) cyber actors exploiting this vulnerability. UNC4841 is known to have exfiltrated data from some compromised systems, with an emphasis on the public sector. The FBI listed seven domains and 61 IP addresses as indicators of compromise and advised networks to scan various network logs for connections to any of the listed indicators.

CVEs: CVE-2023-2868

Malware: SALTWATER, SEASPY, SEASIDE, WHIRLPOOL

[View Article](https://www.scmagazine.com/news/fbi-unplug-exploited-barracuda-esg-appliances-now)