Attack

FBI warns that Barracuda ESG appliances should be removed from use immediately.

Take action: Time to say goodbye to your Barracuda ESG. It's probably already compromised, and it is unlikely it can ever be fully trusted again.


The FBI has issued an urgent warning to Barracuda customers still running the vendor's vulnerable Email Security Gateway (ESG) appliance, telling them to remove the ESG from operation immediately.

A substantial number of these appliances worldwide were targeted in a zero-day attack detected in May, attributed to a threat group tracked as UNC4841 and suspected of having ties to China.

Although Barracuda released patches for the critical CVE-2023-2868 vulnerability and offered to replace compromised appliances, the FBI has gone further, stating that the patches were ineffective and that even patched appliances remain at risk of network compromise by suspected Chinese cyber actors. UNC4841 is known to have exfiltrated data, particularly from the public sector, and the FBI's warning is driven in part by the large number of government agencies affected.

The FBI continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit.

The vulnerability (CVE-2023-2868, a command injection in the ESG's handling of file names inside .tar attachments) allows an attacker to send an email with a malicious attachment; when the ESG scans the attachment, the injected command makes the appliance connect out to an attacker-controlled server and establish a reverse shell, through which further commands can be run on the ESG.

This enabled activities such as data exfiltration, email scanning, credential harvesting, and persistent access to compromised systems.
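As an added illustration (not code from the article, from Barracuda, or from the FBI), the following Python checks the delivery vector described above: it opens a tar archive and flags any member whose file name contains shell metacharacters, which is what the CVE-2023-2868 injection relies on. The archives it scans are constructed in memory for the demonstration, and the metacharacter set is my own conservative choice rather than any vendor's published signature.

```python
from __future__ import annotations

import io
import re
import tarfile

# Shell metacharacters that have no business in an attachment's file name.
# Backticks and $( ) are the ones a qx-style command injection needs; the
# rest are flagged to be conservative (assumed set, not a vendor signature).
SHELL_META = re.compile(r"[`$;|&<>(){}\n]")


def suspicious_members(tar_bytes: bytes) -> list[str]:
    """Return the member names in a tar archive that contain shell
    metacharacters. Handles plain, gzip and bzip2 tars via mode "r:*".
    Only the headers are read; member contents are never extracted."""
    hits: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if SHELL_META.search(member.name):
                hits.append(member.name)
    return hits


def make_tar(names: list[str]) -> bytes:
    """Build an in-memory tar containing empty files under the given names.
    Constructed test data for this example, not a captured sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            tf.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


# Constructed samples: a benign archive and one carrying a command
# substitution in a member name (the injection shape, not a real payload).
BENIGN = make_tar(["invoice.pdf", "report-2023-05.xlsx"])
MALICIOUS = make_tar(["invoice.pdf", "x`$(id)`.pdf"])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, suspicious_members(blob))
```

Run this over tar attachments pulled from mail archives or quarantine for the period in question; a hit is an indicator worth pairing with a review of outbound connections from the ESG, since the injected command's first job is the callback described above.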