CISA Releases IOCs Associated with Malicious Barracuda Activity

CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. 

Download the newly released IOCs associated with this activity:

Review the following advisories for more information:  

• Barracuda: Barracuda Email Security Gateway Appliance (ESG) Vulnerability
• Mandiant: Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

See CISA Releases Malware Analysis Reports on Barracuda Backdoors for malware analysis reports (MARs) covering previously released IOCs and YARA rules and Barracuda Networks Releases Update to Address ESG Vulnerability.