Friday, January 6, 2023

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach


Jan 06, 2023 | Ravie Lakshmanan | Cloud Security / Cyber Risk

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month’s breach.

The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.

“This zero-day exploit is related to CVE-2022-41080,” the Texas-based company said. “Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable.”

Rackspace’s forensic investigation found that the threat actor accessed the Personal Storage Table (.PST) of 27 customers out of nearly 30,000 customers on the Hosted Exchange email environment.

However, the company said there is no evidence the adversary viewed, misused, or distributed the customers’ emails or data from those personal storage folders. It further said it intends to retire its Hosted Exchange platform as part of a planned migration to Microsoft 365.

It is currently not known whether Rackspace paid a ransom to the cybercriminals, but the disclosure follows a report from CrowdStrike last month that shed light on the new technique, dubbed OWASSRF, employed by the Play ransomware actors.

The mechanism targets Exchange servers that are unpatched against the ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082) but have in place URL rewrite mitigations for the Autodiscover endpoint.

This involves an exploit chain comprising CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution in a manner that bypasses the blocking rules through Outlook Web Access (OWA). The flaws were addressed by Microsoft in November 2022.

The Windows maker, in a statement shared with The Hacker News, urged customers to prioritize installing its November 2022 Exchange Server updates and said that the reported method targets vulnerable systems that have not applied the latest fixes.
