Security News > 2023 > January > Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.
"We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future," Rackspace noted in its final update on the concluded forensic investigation.
Customers attempting to connect to Rackspace's Hosted Exchange environment started having trouble on December 2, 2022, and soon enough the company confirmed that a security breach had taken place, due to a ransomware attack.
While the company is set to deliver within two weeks an on-demand solution for those customers who wish to download their archived data, there can be no going back to using the Rackspace Hosted Exchange service.
Customers who don't want to or can't migrate to Microsoft 365 - but still have faith in the company's security capabilities - have been pointed towards the Rackspace Email service.
Trend Micro researchers have documented Play ransomware's attack playbook in September 2022, but obviously the ransomware group's initial access capabilities have been improved with the use of this new Exchange exploit chain - and Rackspace suffered as a consequence.
News URL
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)