top of page
  • Clipeus

Barracuda Email Security Gateway Attacked By China-Nexus Actor

Mandiant (Google Cloud) reports a new wave of attacks against Barracuda email security gateway (ESG) appliances attributed to a China-nexus actor tracked as UNC4841.

The attacks exploit a vulnerability tracked as CVE-2023-7102 whose CVSS score has not been officially assigned yet. The flaw exists in Spreadsheet::ParseExcel, an open-source library used by the Amavis scanner within the Barracuda ESG.

Once the initial foothold has been obtained, the attacker was observed deploying variants of post-exploitation tools including SEASPY and SALTWATER.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page