![](https://static.wixstatic.com/media/34c96e_7c6f241463d947d2b60780101ca202fd~mv2.jpg/v1/fill/w_147,h_147,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_auto/34c96e_7c6f241463d947d2b60780101ca202fd~mv2.jpg)
Mandiant (Google Cloud) reports a new wave of attacks against Barracuda email security gateway (ESG) appliances attributed to a China-nexus actor tracked as UNC4841.
The attacks exploit a vulnerability tracked as CVE-2023-7102 whose CVSS score has not been officially assigned yet. The flaw exists in Spreadsheet::ParseExcel, an open-source library used by the Amavis scanner within the Barracuda ESG.
Once the initial foothold has been obtained, the attacker was observed deploying variants of post-exploitation tools including SEASPY and SALTWATER.