Rackspace confirms Play ransomware was behind recent cyberattack

Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company’s hosted Microsoft Exchange environments.

This follows a report last month by cybersecurity firm CrowdStrike, which detailed a new exploit used by the ransomware group to compromise Microsoft Exchange servers and gain access to victims’ networks.

The exploit, dubbed OWASSRF, allowed the attackers to bypass the ProxyNotShell URL rewrite mitigations provided by Microsoft, likely by targeting a critical flaw (CVE-2022-41080) that allows remote privilege escalation on Exchange servers.

Source: Bleeping Computer