Targeting of organizations using Barracuda email security gateway devices

Date of report

June 2023

Affiliations

Believed to be the work of the Chinese government

A Chinese threat actor compromised Barracuda brand email security gateway systems and used access to infiltrate networks attached to the Barracuda products. Once the campaign was detected, the attackers rapidly expanded their persistence on compromised systems, leading Barracuda to tell affected customers to destroy their devices due to the potential for continued compromise.

Suspected victims

Users of the Barracuda email security gateway, including trade offices and academic research organizations in Taiwan and Hong Kong

Suspected state sponsor

China

Type of incident

Espionage

Target category

Government
Civil society

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events