A week after its initial advisory, Barracuda is asking customers to replace their ESG appliances entirely rather than rely on the patch, in order to keep attackers out.
Barracuda's ESG devices were affected by a critical command injection flaw that was later addressed by a patch. Yet Barracuda now advises users to replace their ESG appliances outright, without stating a reason. Meanwhile, hackers had been targeting these vulnerable ESG appliances with purpose-built malware to steal information all this time.
Barracuda’s Reliable Remediation
For those unfamiliar with it, Barracuda is an email and network security company serving over 200,000 organizations, including high-profile customers such as Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz. Late last month, the company published an advisory stating that its Email Security Gateway (ESG) appliances were under attack through a remote command injection flaw tracked as CVE-2023-2868.
The flaw was disclosed as a zero-day, and hackers around the world are expected to follow up on it quickly with their own scripts. Barracuda says that threat actors have been exploiting the bug for at least seven months and have been stealing customer data throughout that period.
More specifically, the attackers installed the Saltwater malware to backdoor a subset of ESG devices. This gave them persistent access from which to deploy reverse shells, which they then used to steal sensitive data from the victim companies.
Although Barracuda released a security update to patch the flaw, that was evidently not enough, as the company is now asking customers to replace the affected ESG appliances altogether. Those who have not yet done so are urged to contact the support team by email as a matter of urgency.
Other customers are also advised to investigate their environments for signs of intrusion. CISA has added CVE-2023-2868 to its catalog of known exploited vulnerabilities and is asking federal agencies with ESG appliances to check their networks for evidence of compromise.