Barracuda Email Security Gateway Attacked By China-Nexus Actor
- Clipeus
- Dec 28, 2023

Mandiant (Google Cloud) reports a new wave of attacks against Barracuda email security gateway (ESG) appliances attributed to a China-nexus actor tracked as UNC4841.
The attacks exploit CVE-2023-7102, a vulnerability that has not yet been officially assigned a CVSS score. The flaw exists in Spreadsheet::ParseExcel, an open-source library used by the Amavis scanner within the Barracuda ESG.
After obtaining an initial foothold, the attacker was observed deploying variants of post-exploitation tools, including SEASPY and SALTWATER.