China’s UNC4841 Shifts Focus to Exploit New Barracuda ESG Zero-Day Vulnerability

UNC4841, a Chinese state threat actor, has returned to targeting high-profile Barracuda customers. Last year, they exploited a remote code execution vulnerability in Barracuda Networks’ Email Security Gateway (ESG) appliances, and now they have exploited a newly disclosed zero-day vulnerability. Barracuda released an update to address the vulnerability but UNC4841 had already used it to deliver new variants of its malware to a limited number of devices. The vulnerability is an arbitrary code execution flaw in the open-source Amavis virus scanner, which runs on ESG appliances. Mandiant, a cybersecurity company, confirmed that the campaign was part of UNC4841’s ongoing espionage operations and Barracuda responded promptly by deploying updates to address the vulnerability. The vulnerability can be easily exploited through a specially crafted Excel attachment in an email, without any input required from the user. While Barracuda customers do not need to take further action since the update was deployed automatically, UNC4841’s interest in Barracuda Networks’ products dates back over a year, and it is advised that customers continue to monitor for any signs of UNC4841’s presence in their networks. UNC4841 is considered to be a “well-resourced” operation targeting high-value organizations such as government bodies, high-tech companies, telcos, manufacturing, and educational institutions. It is likely that UNC4841 will continue to modify its tactics and seek out new vulnerabilities in edge appliances in the future.

Unlock your business potential with our expert guidance. Get in touch now!

silenced-gagged-secret-Michael-adobe.jpg

Post Office Criticized for Deleting Comments on IT Scandal from Social Media

Whitehouse-fotolia-scaled.jpg

When Leaders Overlook Cybersecurity Guidelines, the Entire System Suffers

Police-crime-2-adobe.jpg

Police Digital Service Board Director Resigns Months After CISO’s Departure

surveillance-CCTV-facial-recognition-Gorodenkoff-adobe.jpg

Essex Police Reveals ‘Incoherent’ Facial Recognition Evaluation

chatbot-1-fotolia.jpg

Podcast: RSA 2025 – Navigating AI Risks and the CISO’s Role

hybrid-cloud-storage-fotolia.jpg

Trump’s Visit Strengthens Saudi Arabia’s AI Initiatives

threat-management-fotolia.jpg

Security Tests Uncover Major Vulnerability in Government’s One Login Digital ID System