Submarine Malware Used To Backdoor Barracuda ESG Appliances, CISA Warns

CISA has reported the use of new malware named Submarine to backdoor Barracuda ESG appliances on federal agencies' networks. The attackers, a suspected pro-China hacker group (UNC4841), exploited a now-patched zero-day bug in a series of data-theft attacks that were active since at least October 2022. The attackers utilized the CVE-2023-2868 remote command injection zero-day to drop three types of malware: Saltwater, SeaSpy, and SeaSide. These allowed them to establish reverse shells for easy remote access. In response, Barracuda took an unconventional approach, offering free replacement devices to affected customers instead of just re-imaging the compromised appliances with new firmware. This decision was taken as a precaution, given the uncertainty about completely removing the malware. Read more...