Security News > 2023 > January > Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
2023-01-06 09:01

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach.

The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.

Rackspace's forensic investigation found that the threat actor accessed the Personal Storage Table of 27 customers out of nearly 30,000 customers on the Hosted Exchange email environment.

It's not currently not known if Rackspace paid a ransom to the cybercriminals, but the disclosure follows a report from CrowdStrike last month that shed light on the new technique, dubbed OWASSRF, employed by the Play ransomware actors.

The mechanism targets Exchange servers that are unpatched against the ProxyNotShell vulnerabilities but have in place URL rewrite mitigations for the Autodiscover endpoint.

The Windows maker, in a statement shared with The Hacker News, urged customers to prioritize installing its November 2022 Exchange Server updates and that the reported method targets vulnerable systems that have not not applied the latest fixes.


News URL

https://thehackernews.com/2023/01/rackspace-confirms-play-ransomware-gang.html