March 28, 2023
Image Source – Scality

Rackspace announced that discontinuing hosted Exchange email services after completing its investigation on last month Ransomware attacks and planned the transition to cloud-based Microsoft 365.

Threat actors exploited the ProxyShell vulnerability to stage the attack. Rackspace had decided not to apply Microsoft’s ProxyNotShell patch to its Exchange Servers and was afraid of reports that the software update caused authentication errors, resulting in the server being down.

Play ransomware group was able to bypass Microsoft’s mitigations with a new exploit abusing the CVE-2022-41080 vulnerability that breached Rackspace’s Hosted Exchange systems.

Advertisements

Rackcspace attackers stolen PST of nearly 27 of its around 30,000 Hosted Exchange customers, but there is no evidence that the threat actors ever viewed or distributed the information.

The email data recovery efforts are still going on. It will offer an on-demand option for customers who want to download their data.

Rackspace said it’s contacting customers for which it has recovered more than half of their mailboxes; their recovered data is available via its customer portal.

For more details, visit https://www.rackspace.com/hosted-exchange-incident-data-recovery-resources

Tags:

Leave a Reply

You may have missed

Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
%d bloggers like this: