Sri Lanka: Report called over cyberattack on government sites

The Ministry of Technology said an investigation was called into the cyberattack that transpired on the 26th of August 2023. The statement added that the cyberattack, which targeted email systems under the ‘gov.lk’ domain, resulted in substantial data loss and Read More …

Storm-0558: Understanding How Microsoft Failed to Protect Itself

You’re undoubtedly familiar with the so-called Storm-0558 attacks from July 2023. If not a quick recap: these attacks (widely attributed as the work of the Chinese government) compromised a number of high-value Exchange Online mailboxes, including the US Secretary of Read More …

CISA Releases IOCs Associated with Malicious Barracuda Activity

CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as Read More …

CISA Releases Malware Analysis Reports on Barracuda Backdoors

CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early Read More …

Common typo causes millions of emails intended for members of the US military to be sent to accounts in Mali

Millions of emails intended for Pentagon employees were inadvertently sent to email accounts in Mali over the last decade because of typos caused by the similarity of the US military’s email address and the domain for the West African country, Read More …

Analysis of Storm-0558 techniques for unauthorized email access

As described in more detail in our July 11 blogs, Storm-0558 is a China-based threat actor with espionage objectives. Beginning May 15, 2023, Storm-0558 used forged authentication tokens to access user email from approximately 25 organizations, including government agencies and Read More …

Commerce Secretary Gina Raimondo’s emails hacked in Microsoft cyber breach

Commerce Secretary Gina Raimondo’s emails were hacked as part of the Microsoft cyber breach, according to a source familiar with the investigation. Microsoft’s Outlook systems were breached by Chinese hackers, according to the company. The breach was discovered in May. Read More …

Critical Barracuda 0-day was used to backdoor networks for 8 months

A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The software bug, tracked as CVE-2023-2868, is a remote-command injection vulnerability that stems from incomplete Read More …