Thursday, June 15, 2023

More on the security email gateway hack

I've been posting recently about the Barracuda Networks compromise of their email security gateway.  It seems like it might have been the Chinese:

Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.

Barracuda discovered a critical bug, tracked as CVE-2023-2868, in these appliances on May 19, we're told, and pushed a patch to all affected products the following day. 

...

Meanwhile, Mandiant, who has been working with Barracuda to investigate the exploit used and the malware subsequently deployed, today identified a China-based threat group it tracks as UNC4841, and said the snoops targeted a "subset" of Barracuda ESG appliances across several regions and sectors.

"Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," the Google-owned threat intel team said today.

Why do you rob banks?  Because that's where the money is.   If instead of money, you're after user data then email servers/gateways are a pretty rich target.

 

2 comments:

  1. Corporate IT departments are like people who leave their doors unlocked. The criminals are responsible but why make it easy

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.