I've been posting recently about the Barracuda Networks compromise of their email security gateway. It seems like it might have been the Chinese:
Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant.
Barracuda discovered a critical bug, tracked as CVE-2023-2868, in these appliances on May 19, we're told, and pushed a patch to all affected products the following day.
...Meanwhile, Mandiant, who has been working with Barracuda to investigate the exploit used and the malware subsequently deployed, today identified a China-based threat group it tracks as UNC4841, and said the snoops targeted a "subset" of Barracuda ESG appliances across several regions and sectors.
"Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," the Google-owned threat intel team said today.
Why do you rob banks? Because that's where the money is. If, instead of money, you're after user data, then email servers/gateways are a pretty rich target.
Corporate IT departments are like people who leave their doors unlocked. The criminals are responsible, but why make it easy?
Act of war?