Rackspace has confirmed that the Play group was responsible for the December cyberattack. The attackers compromised the company's email account using a zero-day exploit.
There is a high probability that the exploit was linked to the vulnerability tracked as CVE-2022-41080. According to the company's own investigation, the hackers gained access to e-mails and other confidential information, but no evidence was found that they distributed it.
It also remains unclear whether Rackspace paid the cybercriminals a ransom for the information. Rackspace's report was followed by a report from information security company CrowdStrike, which shed light on the new attack technique used by the Play group. The technique is called OWASSRF and is being used to attack Exchange servers on which the patches that fix the CVE-2022-41040 or CVE-2022-41083 vulnerability have not been applied. Experts say that chaining CVE-2022-41080 and CVE-2021-41082 allows hackers to remotely execute arbitrary code while bypassing Outlook Web Access (OWA) blocking rules.