Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month’s breach.
The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.
“This zero-day exploit is associated with CVE-2022-41080,” the Texas-based company said. “Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for [it] being part of a remote code execution chain that was exploitable.”
Rackspace’s forensic investigation found that the threat actor accessed the Personal Storage Table (.PST) of 27 customers out of a total of nearly 30,000 customers on the Hosted Exchange email environment.