Attackers hacked Barracuda ESG appliances via zero-day since October 2022

Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability resulted in the deployment of three types of malware and data exfiltration.

Zeor-day exploited, Barracuda ESG appliances backdoored.

On May 23, Barracuda Networks publicly acknowledged that attackers have been exploiting CVE-2023-2868 to breach Email Security Gateway on-prem physical appliances at various organizations.

Today, they confirmed that the first patch, which remediated the remote command injection vulnerability, was applied to all ESG appliances worldwide on May 20, and was followed by a script that was “Deployed to all impacted appliances to contain the incident and counter unauthorized access methods.”

SALTWATER, a trojanized module for the Barracuda SMTP daemon, which serves as a backdoor that has proxy and tunneling capabilities and allows attackers to upload or download arbitrary files and execute commands.

SEASPY, an x64 ELF persistence backdoor that poses as a legitimate Barracuda Networks service and establishes itself as a PCAP filter, specifically monitoring traffic on port 25 SEASIDE, a Lua-based module for the Barracuda SMTP daemon that establishes a connection to the attackers’ C2 server and helps establish a reverse shell.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on as a development site. Switch to a production site key to remove this banner.