Cloud computing provider Rackspace hit by ransomware attack2022-12-06 18:55 by Daniela
American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. The list of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online.
"As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident," the company said in an update to the initial incident report.
On Tuesday, Rackspace confirmed a ransomware attack is to blame.
"Based on the investigation to date, we believe that this incident was isolated to our Hosted Exchange business," Rackspace told customers in a security notice. "The Company's other products and services are fully operational, and we have not experienced any impact to our Rackspace Email product line and platform."
While Rackspace has shared very little information about the attack, cybersecurity expert Kevin Beaumont has shared a possible explanation. Beaumont told BleepingComputer that Rackspace appears to have been running a Microsoft Exchange server vulnerable to the ProxyNotShell vulnerability.
ProxyNotShell was a zero-day vulnerability discovered to be actively exploited in September 2022 to install web shells on Microsoft Exchange servers.
Read more -here-