news · 4 min read
Bulletin — May 2023
Barracuda ESG compromised for 7 months by UNC4841, Microsoft Build sells Copilot for everything, Operation Triangulation reveals an iOS implant. May brings geopolitics in the background and AI security turns into product marketing.
Manuel López Pérez · news

May is the month two opposite things happen at the same time. On one side, Barracuda admits an actor with Chinese tradecraft has had access to ESG appliances for 7 months and asks customers to physically replace the hardware. On the other, Microsoft Build sells Copilot as universal integration across Windows, Office and Azure — AI security goes from research to a product category.
In between, Kaspersky uncovers an espionage operation against its own employees with a no-click iOS implant delivered via iMessage.
CVE-2023-2868 — Barracuda ESG and trust in the appliance

23 May. Barracuda publishes an advisory on a pre-auth command injection in the ESG’s TAR-file parser, CVSS 9.8. 31 May. Barracuda announces that the patch is not enough and asks customers to physically replace the appliances. UNC4841 has been inside since October 2022.
The bug itself is textbook: a Perl qx{} call that interpolates the unsanitised filename of an entry inside the TAR attachment straight into a shell command. The serious part isn’t the bug — it’s the persistence: SALTWATER, SEASPY and SEASIDE planted in firmware and modules that a normal patch doesn’t touch.
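The bug class above (an archive entry name interpolated into a shell command) is something a mail gateway can screen for before any appliance-side parser touches the attachment. What follows is an added example, not Barracuda’s code and not from the Mandiant write-up: it reads the TAR headers with Python’s tarfile module, so the name never reaches a shell, and flags entry names carrying shell metacharacters, absolute paths or `..` components. The archive and its entry names are constructed here for illustration.

```python
import io
import re
import tarfile

# Characters a POSIX shell would interpret if an entry name were pasted
# into a command string: the bug class in the Barracuda ESG advisory.
SHELL_META = re.compile(r"[`$|;&<>(){}\n\\'\"]")


def build_tar(names: list[str]) -> bytes:
    """Build an in-memory TAR with one small file per name.
    Constructed test data only, not an archive from the incident."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def suspicious_entries(tar_bytes: bytes) -> list[str]:
    """Return entry names that should block the attachment: anything with
    shell metacharacters, an absolute path, or a '..' path component.
    tarfile parses the header fields directly, so no shell is involved."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            name = member.name
            parts = name.split("/")
            if SHELL_META.search(name) or name.startswith("/") or ".." in parts:
                flagged.append(name)
    return flagged


if __name__ == "__main__":
    sample = build_tar(["report.pdf", "notes;echo.txt", "../etc/config"])
    print(suspicious_entries(sample))  # ['notes;echo.txt', '../etc/config']
```

A gateway that fails closed on any flagged name removes the injection surface regardless of what the downstream parser does with the filename.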
We’ve analysed it with code and full attribution.
Source: https://cloud.google.com/blog/topics/threat-intelligence/barracuda-esg-exploited-globally
Microsoft Build — Copilot everywhere

23–25 May. Microsoft Build 2023. Key announcements:
- Windows Copilot — a panel in Windows 11 that calls the OpenAI model for system actions.
- Microsoft 365 Copilot enters paid early access for enterprise customers. Integrates GPT-4 with Graph data (emails, files, calendar, Teams).
- GitHub Copilot Chat — conversational chat inside VS Code, with access to the repo.
- Plugins shared between ChatGPT and Microsoft Copilot — the same plugin standard for both ecosystems.
For AI security: this is the moment the scope of the LLM inside the product shifts from “chatbot in a tab” to “assistant with access to all your corporate data”. The operational worry: the markdown exfil pattern we analysed in April now applies to Copilot reading emails. Any incoming email with embedded instructions is a potential vector.
Microsoft announces “responsible AI” without much technical content — the specific safety story will get published over the following months.
Operation Triangulation — no-click iOS implant

1 June (work done through May). Kaspersky reports that during a month-long sweep of its own environment it discovered an espionage campaign against its own employees’ iPhones. The implant arrives by iMessage (malformed PDF), runs without interaction, persists in memory and talks to C2 over HTTPS. After execution, it automatically deletes the iMessage from the inbox.
Characteristics that stand out:
- No click, no user interaction.
- Pivots through at least four iOS 0-days (patched in iOS 16.5.1 and later).
- Specific targets: Kaspersky researchers, managers and employees.
- Capability: keychain reading, microphone, location, files, messages.
No public attribution from Kaspersky, though the Russian FSB issues a parallel statement accusing the US NSA (the attribution hasn’t been independently verified). The technical detail Kaspersky publishes is exhaustive, rare to see in a live operation against a security company.
Source: https://securelist.com/operation-triangulation/109842/
Rest of the month
- Apple iOS 16.5 (May) — patches for CVE-2023-32409 (WebKit sandbox escape) exploited in the wild.
- Toyota Japan — confirms public exposure (cloud misconfiguration) of location data on 2.15M customer vehicles over 10 years. No credential access, but the geolocation data was publicly accessible.
- MOVEit — Progress Software starts investigating anomalous activity it will confirm in early June (preview of next month’s event).
- PaperCut MF/NG — CVE-2023-27350, pre-auth RCE in print-management software. Bl00dy ransomware and Cl0p add it to their toolkits through the month.
Cross-cutting pattern
Three very different fronts, one signal: the adversary is where your telemetry isn’t. Barracuda didn’t detect UNC4841 for 7 months because the appliance is opaque to the customer. Kaspersky found Triangulation because it ran deep traffic analysis on its iPhones, analysis the average user doesn’t do. And Microsoft is rolling Copilot out to millions of employees with no enterprise telemetry on which emails and files the assistant hands to the model, and what the model answers.
The defender’s question for the month: what does each of your appliances, agents and devices do that you aren’t logging?
- boletin
- cve-2023-2868
- barracuda
- unc4841
- microsoft-build
- copilot
- operation-triangulation
- ios
- apple
- ai-security