"CISA Discovered a New Backdoor, Named Whirlpool, Used in Barracuda ESG Attacks"
Whirlpool, a new backdoor discovered by the US Cybersecurity and Infrastructure Security Agency (CISA), was used in attacks against Barracuda Email Security Gateway (ESG) devices. Barracuda, a provider of network security solutions, warned customers at the end of May that some of its ESG appliances had been compromised by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, exists in the email attachment screening module. The issue was discovered on May 19, and the company issued two security patches to address it on May 20 and 21. The company's investigation revealed that the vulnerability was exploited to target a subset of email gateway devices. According to the vendor's statement, the vulnerability has been exploited in real-world scenarios since at least October 2022. The malware families involved in the attacks are SALTWATER, SEASPY, and SEASIDE. This article continues to discuss the new backdoor Whirlpool used in attacks against Barracuda ESG appliances.