Mandiant just dropped the report and we now understand how the Barracuda email appliances were hacked. Starting as early as October of 2022, threat actors sent emails to victim organizations that contained specially crafted tar file attachments designed to exploit CVE-2023-2868. The exploit worked through unsanitized and unfiltered user-controlled input passed to the Perl qx// routine. This was done via tar files, and it appears that the emails were made specifically to look like spam so that they stayed out of the inbox and avoided further analysis. Because the Barracuda box processes all emails coming in, anything that was actually a tar file, even if it had a different extension, was run through this Perl command, which allowed the exploitation and then lateral movement into these networks. Many of the victims were government organizations and other large-scale companies. This attack went unnoticed for quite a long time, about eight months, before Barracuda found it. Mandiant's write-up is linked down below. I highly recommend you read it. It's a good read and a really interesting insight into this attack.
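To make the qx// point concrete, here is an added example. It is not Barracuda's code and is not taken from Mandiant's report. It contrasts an interpolated qx// call with list-form execution plus an allow-list check; the function names, the sample member name and the stand-in tool (the Perl interpreter echoing its argument instead of tar) are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a file name taken from inside an untrusted archive.
# The embedded command is a harmless marker that shows whether a shell ran it.
my $member = q{report'$(echo SHELL_RAN)'.txt};

# Stand-in for the external tool (assumption; an appliance would call tar).
# It prints back the single argument it received, unchanged.
my @tool = ($^X, '-e', 'print $ARGV[0]');

# UNSAFE, shown for contrast: qx// builds one string and hands it to /bin/sh,
# so quotes and $( ) inside $name are parsed by the shell as syntax, not data.
sub echo_unsafe {
    my ($name) = @_;
    return qx{$tool[0] -e 'print \$ARGV[0]' '$name'};
}

# SAFER: list-form pipe open executes the program directly, with no shell.
# $name arrives as exactly one argv entry, whatever characters it contains.
sub echo_safe {
    my ($name) = @_;
    open(my $fh, '-|', @tool, $name) or die "cannot run tool: $!";
    local $/;                       # slurp the whole output
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Defense in depth: allow-list the characters a member name may contain and
# refuse a leading '-' so the name cannot be mistaken for a command option.
sub is_safe_member_name {
    my ($name) = @_;
    return 0 if !defined $name || $name eq '' || $name =~ /^-/;
    return $name =~ m{\A[A-Za-z0-9._/-]+\z} ? 1 : 0;
}

printf "unsafe qx//   : %s\n", echo_unsafe($member);
printf "list-form open: %s\n", echo_safe($member);
printf "allow-list ok?: %s\n", is_safe_member_name($member) ? 'yes' : 'no';
printf "allow-list ok?: %s\n", is_safe_member_name('docs/report.txt') ? 'yes' : 'no';
```

The first output line differs from the input because the shell evaluated part of the name, while the list-form call returns the name byte for byte. With a real tar invocation, placing `--` before the file name is a further guard against option injection.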