A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022.

“UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People’s Republic of China,” Google-owned Mandiant said in a new report published today, describing the group as “aggressive and skilled.”

The flaw in question is CVE-2023-2868 (CVSS score: 9.8), which relates to a remote code injection affecting versions through that arises as a result of an incomplete validation of attachments contained within incoming emails.
