Managed cloud hosting provider Rackspace says that the December 2, 2022 attack that took down its hosted Microsoft Exchange service was conducted by the Play ransomware group. Rackspace is still working to recover email data. In a January 5, 2023 update, Rackspace explicitly states that the incident was not due to the ProxyNotShell exploit, as was being reported. Instead, the Play ransomware group used a zero-day vulnerability to gain access to the Rackspace Hosted Exchange email environment. Rackspace also writes that it does not plan to rebuild its hosted Microsoft Exchange service. Ref https://status.apps.rackspace.com/index/viewincidents?group=2
