Barracuda Email Security Gateway malicious campaign

14 September 2023
The Australian Cyber Security Centre has released an alert about a malicious campaign focused on exploiting a known vulnerability in Barracuda Email Security Gateway (ESG) appliances.

A limited number (5%) of ESG appliances worldwide were compromised in this campaign, including the confirmed compromise of at least one Australian entity. No additional instances of compromise have been identified since Barracuda released a security patch to mitigate the vulnerability in May 2023. However, you are encouraged to stay vigilant of any suspicious activity.

Please refer to the alert shared by the department on 7 September 2023 about this campaign, including mitigation actions, on the Victorian Data Security Standards (VPDSS) SharePoint site and take necessary actions, as required.

If you do not have access to the VPDSS site, email .