According to Mandiant, Chinese spies, UNC4841, are behind a data-stealing effort that targeted Barracuda Email Security Gateway (ESG) devices globally.
The attacks, which started in October 2022, took use of a serious vulnerability (CVE-2023-2868) in Barracuda ESG equipment. UNC4841 primarily targeted a group of Barracuda ESG appliances across multiple countries and sectors, according to Mandiant. UNC4841, according to Mandiant, is an espionage actor working in behalf of the People’s Republic of China.
UNC4841 infiltrated affected ESG devices through a number of methods, including delivering malicious emails with corrupted attachments. When the attackers gained access to a device, they installed three pieces of malware: Saltwater, Seaspy, and Seaside. These malicious applications let the attackers to remain on the device indefinitely, steal data, and send email to other appliances.
UNC4841 especially targeted high-profile academics in Taiwan and Hong Kong, as well as Asian and European government leaders in Southeast Asia, according to Mandiant. These persons’ emails and other sensitive data were stolen by the attackers.
The sources for this piece include an article in TheRegister.