Barracuda fixes new security vulnerability in ESG

  • December 29, 2023

Security company Barracuda Networks has closed a vulnerability in its ESG that was exploited by a Chinese hacking group.

A zero-day in Barracuda Networks’ email software was used by hackers to steal data for months earlier this year. The security company has now discovered a new vulnerability in its ESG and patched it. The vulnerability is tracked as CVE-2023-7102 and is an arbitrary code execution flaw in a third-party library, namely Spreadsheet::ParseExcel. It allows an attacker to execute any command or code of their choice on a target system or software application. Barracuda has made an update that will be applied automatically.

Excel email attachment

The attacker exploited the vulnerability, apparently with a specially crafted Excel email attachment that targeted a limited number of ESG devices. After gaining access, the attacker was found to be deploying new variants of the Seaspy and Saltwater malware on these devices.

The threat group attributed to this attack appears to be the same as that of a previous attack on Barracuda ESGs. For the current attack, the company has implemented an automatic update that does not require user intervention.

Suspicion of espionage

No details have been released yet about which Barracuda customers were targeted in this attack, but espionage is currently being investigated. In the past, the attackers have targeted companies and organizations in the defense, space, high-tech and telecommunications sectors, including in our country.

In addition to the CVE-2023-7102 vulnerability, Barracuda has reported a second vulnerability, CVE-2023-7101. There is no patch or update available for this in the open source library. Organizations that use Spreadsheet::ParseExcel are advised to take immediate remedial action for their own products or services.

Source: IT Daily
