Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Jan 06, 2023, Ravie Lakshmanan, Cloud Security / Cyber Threat

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach.

The security incident, which took place on December 2, 2022, leveraged a previously unknown exploit to gain initial access to the Rackspace Hosted Exchange email environment.

"This zero-day exploit is associated with CVE-2022-41080," the Texas-based company said. "Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable."

Rackspace's forensic investigation found that the threat actor accessed the Personal Storage Table (.PST) files of 27 customers out of nearly 30,000 customers on the Hosted Exchange email environment.

That said, the company said there is no evidence the adversary viewed, misused, or distributed the customers' emails or data from those personal storage folders. It further said it intends to retire its Hosted Exchange platform as part of a planned migration to Microsoft 365.

It is not currently known whether Rackspace paid a ransom to the cybercriminals, but the disclosure follows a report from CrowdStrike last month that shed light on the new method, dubbed OWASSRF, employed by the Play ransomware actors.

The mechanism targets Exchange servers that are unpatched against the ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082) but have the URL rewrite mitigations for the Autodiscover endpoint in place.

It involves an exploit chain comprising CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution in a manner that bypasses those blocking rules by going through Outlook Web Access (OWA) instead. The flaws were addressed by Microsoft in November 2022.
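The practical lesson of the paragraphs above is that a URL rewrite rule scoped to the Autodiscover frontend says nothing about requests that reach the same backend through OWA, so log review after the fact has to cover both frontends. The following script is an added example written for this page; it is not code from Rackspace, CrowdStrike, Microsoft or the article. It parses IIS W3C log lines and flags requests that arrive via /owa/ or /autodiscover/ and carry a reference to the Exchange PowerShell backend in the URI, then summarizes per frontend how many of those were actually blocked. The log lines are constructed for the example (including the request paths), and the choice of "powershell in the URI" as the indicator is an assumption; take the real hunting rules from your vendor guidance.

```python
"""Triage IIS W3C logs for requests that reach the Exchange PowerShell backend
through the OWA or Autodiscover frontends.

Added example for this page, not code from the article or from any vendor.
Assumptions (labelled): the indicator is the string "powershell" anywhere in the
request URI, and a response status below 400 means the request was not blocked.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List

# Constructed sample log (not a real capture). The Autodiscover request is
# rejected by a URL rewrite mitigation (403); the same backend reference sent
# through /owa/ is not covered by that rule and is served (200).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-12-02 03:14:07 10.0.0.5 GET /owa/auth/logon.aspx url=https://mail.example.test/owa/ 443 - 203.0.113.7 Mozilla/5.0 200
2022-12-02 03:14:09 10.0.0.5 POST /autodiscover/autodiscover.json a=x@example.test/powershell 443 - 203.0.113.7 python-requests/2.28 403
2022-12-02 03:14:12 10.0.0.5 POST /owa/constructed-path/powershell - 443 - 203.0.113.7 python-requests/2.28 200
2022-12-02 03:15:00 10.0.0.5 GET /ews/exchange.asmx - 443 alice@example.test 198.51.100.4 Microsoft-Office/16.0 200
"""

FRONTEND = re.compile(r"^/(owa|autodiscover)/", re.IGNORECASE)
BACKEND_INDICATOR = re.compile(r"powershell", re.IGNORECASE)  # assumed indicator


@dataclass
class Finding:
    timestamp: str
    client_ip: str
    frontend: str  # "owa" or "autodiscover"
    uri: str
    status: int

    @property
    def blocked(self) -> bool:
        return self.status >= 400


def parse_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, keyed by the names from the #Fields header."""
    fields: List[str] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if fields and len(parts) == len(fields):
            yield dict(zip(fields, parts))


def find_backend_requests(text: str) -> List[Finding]:
    """Requests entering via OWA or Autodiscover whose URI names the PowerShell backend."""
    findings: List[Finding] = []
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        uri = stem if query == "-" else f"{stem}?{query}"
        m = FRONTEND.match(stem)
        if m and BACKEND_INDICATOR.search(uri):
            findings.append(Finding(
                timestamp=f"{rec['date']} {rec['time']}",
                client_ip=rec["c-ip"],
                frontend=m.group(1).lower(),
                uri=uri,
                status=int(rec["sc-status"]),
            ))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, Dict[str, int]]:
    """Per frontend: how many suspicious requests were seen and how many got through."""
    summary: Dict[str, Dict[str, int]] = {}
    for f in findings:
        entry = summary.setdefault(f.frontend, {"total": 0, "unblocked": 0})
        entry["total"] += 1
        if not f.blocked:
            entry["unblocked"] += 1
    return summary


if __name__ == "__main__":
    hits = find_backend_requests(SAMPLE_LOG)
    for h in hits:
        print(f"{h.timestamp} {h.client_ip} via {h.frontend}: {h.uri} -> {h.status}")
    print(summarize(hits))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; a non-empty "unblocked" count for the owa frontend is exactly the gap the article describes, where the Autodiscover-only rewrite rule did not cover the OWA path.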

The Windows maker, in a statement shared with The Hacker News, urged customers to prioritize installing its November 2022 Exchange Server updates, and said that the reported method targets vulnerable systems that have not applied the latest fixes.
