Rackspace confirms Play ransomware gang accessed customer email

Cloud services provider Rackspace has confirmed that the Play ransomware gang is responsible for the December cyberattack and breach of the company’s infrastructure. The attack used a zero-day exploit for CVE-2022-41080, which was disclosed as a privilege escalation vulnerability. Unknown to Microsoft at the time of disclosure, however, the flaw could also be exploited for remote code execution.

While there is no updated press release on the company’s website, Rackspace has confirmed to sources such as The Hacker News and BleepingComputer that the threat actors were able to access customer email.

According to those outlets, Rackspace’s forensic teams found that the threat actors accessed the Personal Storage Table (.PST) of “27 customers out of approximately 3,000” on the Hosted Exchange email environment.

Rackspace discontinues Hosted Exchange platform

As direct fallout from the cyberattack, Rackspace has decided to shut down its Hosted Exchange platform as part of a planned migration to Microsoft (Office) 365.

There has been no confirmation of whether Rackspace paid the ransom demanded by the Play ransomware gang.

Ransomware continues to proliferate across all industry verticals, regardless of company size or security budget, and targets anything from hospitals to governments anywhere in the world.
