Hacked Barracuda ESGs impacted by novel Submarine malware

U.S. federal networks were reported by the Cybersecurity and Infrastructure Security Agency to have had their Barracuda Email Security Gateway compromised with the novel Submarine malware, also known as DepthCharge, in attacks by suspected China-linked threat operation UNC4841 involving the exploitation of a remote command injection vulnerability, tracked as CVE-2023-2868, in May, according to BleepingComputer.

agency attacks barracuda china command command injection compromised cve cve-2023-2868 cybersecurity email email security email security gateway exploitation federal federal networks gateway hacked infrastructure infrastructure security injection malware may networks novel security security gateway submarine threat vulnerability