CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances.
Download the newly released IOCs associated with this activity:
AIS IB-23-20071 IOCs Associated with Exploitation of Barracuda ESG Vulnerability CVE-2023-2868 16132771.stix_.json (JSON)
Review the following advisories for more information:
- Mandiant: Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
- Barracuda: Barracuda Email Security Gateway Appliance (ESG) Vulnerability
See "CISA Releases Malware Analysis Reports on Barracuda Backdoors" for malware analysis reports (MARs) covering previously released IOCs and YARA rules, and see "Barracuda Networks Releases Update to Address ESG Vulnerability".