FBI FLASH: Suspected PRC Cyber Actors Continue to Globally Exploit Barracuda ESG Zero-Day Vulnerability

Action strongly suggested: Utilities which use and have not already isolated or replaced impacted Barracuda Email Security Gateway (ESG) appliances are encouraged to address immediately.

The FBI published a TLP:CLEAR FLASH (AC-000172-TT) emphasizing the Barracuda warning from early June to immediately replace impacted appliances.

As a part of the FBI investigation into the exploitation of CVE-2023-2868, a zero-day vulnerability in Barracuda Network’s Email Security Gateway (ESG) appliances, the FBI has independently verified that all exploited ESG appliances, even those with patches pushed out by Barracuda, remain at risk for continued computer network compromise from suspected PRC cyber actors exploiting this vulnerability. The FBI strongly advises all affected ESG appliances be isolated and replaced immediately, and all networks scanned for connections to the provided list of indicators of compromise immediately. For more details regarding malware found to date related to this exploit and learn more about Barracuda backdoors, please visit CISA Releases Malware Analysis Reports on Barracuda Backdoors. See the attached FLASH report below.