Hackers Exploit Barracuda Zero-Day Flaw Since 2022

Cybersecurity firm Barracuda Networks, owned by KKR, has confirmed a cyber attack exploiting a Zero Day flaw in its Email Security Gateway (ESG) appliance. The vulnerability, identified as CVE-2023-2868, enabled threat actors to extract data using three types of malware. The earliest known incident linked to this attack dates back to October 2022. Barracuda has since applied a security patch to all ESG appliances globally and confirmed that no other products were affected.