
CISA: New Submarine malware found on hacked Barracuda ESG appliances


CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies’ networks by exploiting a now-patched zero-day bug.

A suspected pro-China hacker group (UNC4841) deployed the backdoor in a series of data-theft attacks that were detected in May but had been active since at least October 2022.


Barracuda revealed that the attackers exploited the CVE-2023-2868 remote command injection zero-day to drop previously unknown malware dubbed Saltwater and SeaSpy, along with a malicious tool called SeaSide, which were used to establish reverse shells for persistent remote access.

Last month, Barracuda took an unconventional approach and offered replacement devices to all affected customers at no charge.

This decision came after Barracuda warned that all compromised ESG (Email Security Gateway) appliances needed immediate replacement rather than merely being re-imaged with new firmware.

Mandiant Incident Response Manager John Palmisano told BleepingComputer at the time that this was recommended out of caution, as the company could not ensure the complete removal of malware.

Unknown backdoor found on hacked ESG appliances

On Friday, CISA revealed that another new malware strain, known as Submarine and also tracked by Mandiant as DepthCharge, was found on the compromised appliances. Submarine is a multi-component backdoor used for detection evasion, persistence, and data harvesting.

“SUBMARINE is a novel persistent backdoor that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts that, in a multi-step process, enable execution with root privileges, persistence, command and control, and cleanup,” CISA said in a malware analysis report published on Friday.

“In addition to SUBMARINE, CISA obtained associated Multipurpose Internet Mail Extensions (MIME) attachment files from the victim. These files contained the contents of the compromised SQL database, which included sensitive information.”

In the wake of the attacks, Barracuda provided guidance to affected customers, advising them to thoroughly review their environments to verify that the attackers had not compromised other devices within their networks.

This advice aligns with today’s warning from CISA, which says that the “malware poses a severe threat for lateral movement.”

Those who encounter suspicious activities linked to the Submarine malware and the Barracuda ESG attacks are urged to contact CISA’s 24/7 Operations Center at Report@cisa.gov.

Barracuda says its services and products are used by over 200,000 organizations worldwide, including high-profile ones such as Samsung, Delta Airlines, Kraft Heinz, and Mitsubishi.


