In recent times, we’ve seen a surge of news stories detailing cyberattacks on various companies, ranging from DDoS attacks to data breaches. A new report now sheds light on a significant breach involving a Chinese hacking group that infiltrated the network of Belgium’s Intelligence and Security Agency (VSSE). The attackers exploited a vulnerability in the firewalls and email security software provided by Barracuda Networks.

The State Security Service (VSSE) provided some insight into the incident in a statement to Le Soir, where a spokesperson confirmed that a Chinese hacking group (whose name remains undisclosed) had gained unauthorized access to the VSSE’s external email servers between 2021 and 2023. The breach was discovered in November 2023, prompting an investigation, which revealed that the hackers exploited a flaw in Barracuda Networks’ software to steal data.

Following a thorough investigation, the VSSE identified that the fault lay with the security system. As a result, in February 2024, the agency severed ties with Barracuda Networks and enlisted a new security software provider to address their security needs moving forward.

In response to the news, Lesley Sullivan, a spokesperson for Barracuda Networks, clarified that the company was not responsible for the breach. Sullivan emphasized that it was the VSSE’s responsibility to secure its assets, and Barracuda’s role was limited to providing the necessary tools for the agency to safeguard its network.

From Barracuda’s perspective, the company had already fixed the critical flaw in its Email Security Gateway (ESG) software in May 2023, well before the breach was discovered. The flaw had likely been overlooked by the agency’s administrators, who did not apply the fix. The ESG software is designed to monitor the flow of inbound and outbound emails while filtering out malicious content.

Cybersecurity insiders report that the breach, attributed to China-backed threat actors, resulted in unauthorized access to over 10% of the VSSE’s email traffic. While no classified information was compromised, much of the stolen data was related to internal communications between employees.

The post Belgian Intelligence Agency emails leaked by Barracuda Vulnerability appeared first on Cybersecurity Insiders.

China has reportedly focused its efforts on compromising email servers within several American government networks, raising concerns about potential data exploitation. According to findings from Mandiant, a state-sponsored criminal group targeted the Barracuda Email Security Gateway (ESG) between October and December 2022, deploying two variations of malware.

The ramifications of these cyberattacks involving the Barracuda email system are presently under investigation, with their full extent yet to be unveiled. However, suspicions point to UNC4841, an intelligence group believed to be backed by Beijing, as the orchestrator of the incident. This group is thought to have introduced the SeaSpy and Saltwater malware into approximately 5% of all Barracuda appliances.

The primary objective of the attack seems to be the extraction of sensitive information from high-ranking government officials in North America. In response, Barracuda has released an update addressing the zero-day vulnerability in ESG appliances. Those who have fallen victim to the attack, or who suspect a potential data breach, are strongly advised to replace their appliances promptly. Additionally, affected parties are recommended to rotate their enterprise Active Directory (AD) credentials in order to bolster network defenses against potential future incursions.

In a parallel investigation, the Cybersecurity and Infrastructure Security Agency (CISA) disclosed that the same Chinese group was responsible for unleashing the Submarine and Whirlpool malware across a number of high-value targets.

Austin Larsen, Senior Incident Response Consultant at Mandiant, noted that “espionage actors with affiliations to China have refined their toolsets to an extent where they have become more impactful, elusive, and efficient.”

The post Barracuda Email Hack leaks government emails in America appeared first on Cybersecurity Insiders.