Barracuda’s ESG Vulnerability Exploited for 7 Months Straight

Vulnerability in Barracuda's ESG has been exploited for 7 months

Barracuda recently patched a critical vulnerability in its Email Security Appliances (ESG) that was being targeted by cybercriminals. The company has now revealed that the first attacks on the vulnerability took place seven months ago, in October 2020. Attackers abused the vulnerability, CVE-2023-2868, to gain unauthorized access to ESG appliances, and malware acting as a persistent backdoor was found on affected appliances.
Analysts found several malware files on the ESG appliances. These include ‘Saltwater,’ a trojanized module for the Barracuda SMTP daemon (bsmtpd), and Seaspy, an x64 ELF binary that poses as a legitimate Barracuda Networks service and monitors network traffic. Also found was Seaside, a Lua-based module for the Barracuda SMTP daemon that monitors the SMTP HELO/EHLO commands.
The analysis also indicates that data was leaked from some of the infiltrated ESG appliances. However, Barracuda has not given any further details. Indicators of Compromise (IoCs) have also been added so that customers can examine their networks.
