Mandiant (Google Cloud) reports a new wave of attacks against Barracuda email security gateway (ESG) appliances attributed to a China-nexus actor tracked as UNC4841.
The attacks exploit a vulnerability tracked as CVE-2023-7102, for which no CVSS score has been officially assigned yet. The flaw lies in Spreadsheet::ParseExcel, an open-source Perl library for parsing Excel files that the Amavis virus scanner within the Barracuda ESG uses to inspect email attachments.
Once an initial foothold was obtained, the attacker was observed deploying new variants of its post-exploitation tools, including SEASPY and SALTWATER.