HomeTechnologyCISA: New Submarine malware...

CISA: New Submarine malware found on hacked Barracuda ESG appliances


CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies’ networks by exploiting a now-patched zero-day bug.

A suspected pro-China hacker group (UNC4841) deployed the backdoor in a series of data-theft attacks detected in May but active since at least October 2022.


Barracuda revealed that the attackers exploited the CVE-2023-2868 remote command injection zero-day to drop previously unknown malware dubbed Saltwater and SeaSpy and a malicious tool called SeaSide to establish reverse shells for easy remote access.

Last month, Barracuda took an unconventional approach and offered replacement devices to all affected customers at no charge.

This decision came after issuing a warning that all compromised ESG (Email Security Gateway) appliances needed immediate replacement instead of merely re-imaging them with new firmware.

Mandiant Incident Response Manager John Palmisano told BleepingComputer at the time that this was recommended out of caution, as the company could not ensure the complete removal of malware.

Unknown backdoor found on hacked ESG appliances

On Friday, CISA revealed that another new malware strain known as Submarine—and also tracked by Mandiant as DepthCharge—was found on the compromised appliances, a multi-component backdoor used for detection evasion, persistence, and data harvesting.

“SUBMARINE is a novel persistent backdoor that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts that, in a multi-step process, enable execution with root privileges, persistence, command and control, and cleanup,” CISA said in a malware analysis report published on Friday.

“In addition to SUBMARINE, CISA obtained associated Multipurpose Internet Mail Extensions (MIME) attachment files from the victim. These files contained the contents of the compromised SQL database, which included sensitive information.”

In the wake of the attacks, Barracuda provided guidance to affected customers, advising them to thoroughly review their environments to verify that the attackers had not compromised other devices within their networks.

This advice aligns with today’s warning from CISA, which says that the “malware poses a severe threat for lateral movement.”

Those who encounter suspicious activities linked to the Submarine malware and the Barracuda ESG attacks are urged to contact CISA’s 24/7 Operations Center at Report@cisa.gov.

Barracuda says its services and products are used by over 200,000 organizations worldwide, including high-profile ones such as Samsung, Delta Airlines, Kraft Heinz, and Mitsubishi.



Source link

Most Popular

LEAVE A REPLY

Please enter your comment!
Please enter your name here

More from Author

Read Now

Team India Squad for T20 World Cup 2024 Announced: Here’s India’s official team for T20 WC – Republic World

India T20 World Cup squad announcement | Image:APTeam India's squad for the upcoming ICC T20 World Cup 2024 has been announced. On Tuesday, the selection committee led by chief selector Ajit Agarkar convened in Ahmedabad and zeroed in on a 15-member unit, which they deem is the...

Justice Minallah says state has to protect judges, independence of judiciary

Justice Athar Minallah on Tuesday said the state had to protect the judges and the judiciary’s independence as the Supreme Court took up a suo motu case pertaining to allegations of interference in judicial affairs.A six-member bench resumed...

Stock futures slip slightly as investors look ahead to Fed decision, megacap earnings: Live updates

Traders work on the floor of the New York Stock Exchange during morning trading on February 29, 2024 in New York City. Michael M. Santiago | Getty ImagesU.S. stock futures fell slightly Tuesday morning after a positive start to the week, as investors brace for megacap earnings,...

Europe’s Economic Laggards Have Become Its Leaders

Something extraordinary is happening to the European economy: Southern nations that nearly broke up the euro currency bloc during the financial crisis in 2012 are growing faster than Germany and other big countries that have long served as the region’s growth engines.The dynamic is bolstering the...

Trump’s Plans for the Fed Make No Sense, Even for Him

A second Trump administration might be very different from the first, and that includes how the president treats the Fed. Donald Trump complained a lot about the US Federal Reserve when he was president, jawboning for lower interest rates and questioning its competence. Yet at the...

Police to launch raids to find migrants to deport to Rwanda, Cabinet Minister claims

Police will mount raids to find missing migrants so they can be deported to Rwanda, a Cabinet minister has said.Health Secretary Victoria Atkins was commenting on reports that the Home Office has lost contact with thousands of people who are set to be removed from the...

The French #Metoo Scandal Unraveling in Weinstein’s Shadow

French actor Gérard Depardieu was ordered to stand trial for allegedly sexually assaulting two women on a film set three years ago, marking the latest legal escalation for the 75-year-old movie star who has become a central figure in France’s #MeToo movement.The announcement coincides with a...

Hong Kong Bitcoin and Ether ETFs Have Soft Debut

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired...

Customization Overview | Halo Infinite CU32

Operation: Banished Honor arrives on April 30 and you’re gonna want to look the part! After all, the Banished welcome all who pledge their service to Atriox, and your new allegiance and mindset demands a new outfit, so let’s find out more about the customization that...

T20 World Cup 2024 Squads: From India To Australia, Check Here Team-Wise Full Players List, Venues, Fixture, Timings And More

ICC T20 World Cup 2024 Cricket Matches Full Schedule: The T20 World Cup 2024 promises to be an exhilarating showcase of cricketing talent from around the globe. With teams from various nations competing for the prestigious title, fans can expect intense matches filled with thrilling moments...

How the Twins’ summer sausage celebration got made: It sparked the offense, but should they eat it?

CHICAGO — With Abe Froman unavailable, I called sausage expert Elias Cairo to address Rocco Baldelli’s concerns about a potentially hazardous pre-encased meat currently residing in the Minnesota Twins clubhouse.Nearly a week after it arrived and with the package showing visible signs of wear, tear and...