October 4, 2023
Image Source – Scality

Rackspace announced that discontinuing hosted Exchange email services after completing its investigation on last month Ransomware attacks and planned the transition to cloud-based Microsoft 365.

Threat actors exploited the ProxyShell vulnerability to stage the attack. Rackspace had decided not to apply Microsoft’s ProxyNotShell patch to its Exchange Servers and was afraid of reports that the software update caused authentication errors, resulting in the server being down.

Play ransomware group was able to bypass Microsoft’s mitigations with a new exploit abusing the CVE-2022-41080 vulnerability that breached Rackspace’s Hosted Exchange systems.

Advertisements

Rackcspace attackers stolen PST of nearly 27 of its around 30,000 Hosted Exchange customers, but there is no evidence that the threat actors ever viewed or distributed the information.

The email data recovery efforts are still going on. It will offer an on-demand option for customers who want to download their data.

Rackspace said it’s contacting customers for which it has recovered more than half of their mailboxes; their recovered data is available via its customer portal.

For more details, visit https://www.rackspace.com/hosted-exchange-incident-data-recovery-resources

Tags:

Leave a Reply

You may have missed

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023
%d bloggers like this: