"Barracuda ESG Hacks Focused On China's 'High Priority Targets'"

According to researchers at Mandiant, the hackers responsible for a recent campaign targeting Barracuda Email Security Gateway (ESG) devices have conducted follow-up attacks against compromised organizations considered "high priority targets" by the Chinese government, and have made significant efforts to evade victims' remediation actions. Between October 2022 and June 2023, a previously unknown threat group, UNC4841, which Mandiant and the FBI revealed to have clear ties to China, compromised Barracuda ESG appliances globally. Barracuda hired Mandiant to investigate the attacks when they were discovered in May, and the company has been collaborating closely with affected organizations and authorities in multiple jurisdictions. In a recent report, Mandiant notes that UNC4841 was able to deploy additional malware to maintain a presence on a smaller group of targeted networks, even as organizations scrambled to address the initial attacks. A few victims remained at risk from the novel backdoor malware, DEPTHCHARGE, that the threat group deployed in response to remediation efforts. This article continues to discuss the Barracuda ESG hacks focused on China's high-priority targets.

SC Magazine reports "Barracuda ESG Hacks Focused On China's 'High Priority Targets'"

Submitted by Anonymous on