{"id":545418,"date":"2023-01-06T07:38:32","date_gmt":"2023-01-06T09:38:32","guid":{"rendered":"https:\/\/teknomers.com\/fr\/rackspace-confirme-que-play-ransomware-gang-est-responsable-dune-violation-recente\/"},"modified":"2023-01-06T07:38:33","modified_gmt":"2023-01-06T09:38:33","slug":"rackspace-confirme-que-play-ransomware-gang-est-responsable-dune-violation-recente","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/rackspace-confirme-que-play-ransomware-gang-est-responsable-dune-violation-recente\/","title":{"rendered":"Rackspace confirme que Play Ransomware Gang est responsable d&#8217;une violation r\u00e9cente"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">06 janvier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 cloud \/ Cybermenace<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Le fournisseur de services cloud Rackspace a confirm\u00e9 jeudi que le gang de ran\u00e7ongiciels connu sous le nom de <b>Jouer<\/b> \u00e9tait responsable de la violation du mois dernier.<\/p>\n<p>L&#8217;incident de s\u00e9curit\u00e9, qui a eu lieu le 2 d\u00e9cembre 2022, a tir\u00e9 parti d&#8217;un exploit de s\u00e9curit\u00e9 jusque-l\u00e0 inconnu pour obtenir un acc\u00e8s initial \u00e0 l&#8217;environnement de messagerie Rackspace Hosted Exchange.<\/p>\n<p>&#8220;Cet exploit zero-day est associ\u00e9 \u00e0 <a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-41080\" target=\"_blank\">CVE-2022-41080<\/a>&#8220;, la soci\u00e9t\u00e9 texane <a rel=\"nofollow noopener\" href=\"https:\/\/status.apps.rackspace.com\/index\/viewincidents?group=2\" target=\"_blank\">m&#8217;a dit<\/a>.  &#8220;Microsoft a divulgu\u00e9 CVE-2022-41080 comme une vuln\u00e9rabilit\u00e9 d&#8217;escalade de privil\u00e8ges et n&#8217;a pas inclus de notes pour faire partie d&#8217;une cha\u00eene d&#8217;ex\u00e9cution de code \u00e0 distance qui \u00e9tait exploitable.&#8221;<\/p>\n<p>L&#8217;enqu\u00eate m\u00e9dico-l\u00e9gale de Rackspace a r\u00e9v\u00e9l\u00e9 que l&#8217;auteur de la menace avait acc\u00e9d\u00e9 \u00e0 la table de stockage personnelle (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Personal_Storage_Table\" target=\"_blank\">.TVP<\/a>) de 27 clients sur pr\u00e8s de 30 000 clients sur l&#8217;environnement de messagerie Hosted Exchange.<\/p>\n<p>Cependant, la soci\u00e9t\u00e9 a d\u00e9clar\u00e9 qu&#8217;il n&#8217;y avait aucune preuve que l&#8217;adversaire ait vu, abus\u00e9 ou distribu\u00e9 les e-mails ou les donn\u00e9es du client \u00e0 partir de ces dossiers de stockage personnels.  Il a en outre d\u00e9clar\u00e9 qu&#8217;il avait l&#8217;intention de retirer sa plate-forme Hosted Exchange dans le cadre d&#8217;une migration pr\u00e9vue vers Microsoft 365.<\/p>\n<p>On ne sait pas actuellement si Rackspace a pay\u00e9 une ran\u00e7on aux cybercriminels, mais la divulgation fait suite \u00e0 un rapport de CrowdStrike le mois dernier qui a fait la lumi\u00e8re sur la nouvelle technique, baptis\u00e9e OWASSRF, employ\u00e9e par les acteurs du ran\u00e7ongiciel Play.<\/p>\n<p>Le m\u00e9canisme cible les serveurs Exchange non corrig\u00e9s contre les vuln\u00e9rabilit\u00e9s ProxyNotShell (<a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41040\" target=\"_blank\">CVE-2022-41040<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41082\" target=\"_blank\">CVE-2022-41082<\/a>) mais ont mis en place des att\u00e9nuations de r\u00e9\u00e9criture d&#8217;URL pour le point de terminaison de d\u00e9couverte automatique.<\/p>\n<p>Cela implique une cha\u00eene d&#8217;exploitation comprenant CVE-2022-41080 et CVE-2022-41082 pour r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance d&#8217;une mani\u00e8re qui contourne les r\u00e8gles de blocage via Outlook Web Access (OWA).  Les failles ont \u00e9t\u00e9 corrig\u00e9es par Microsoft en novembre 2022.<\/p>\n<p>Le fabricant de Windows, dans une d\u00e9claration partag\u00e9e avec The Hacker News, a exhort\u00e9 les clients \u00e0 donner la priorit\u00e9 \u00e0 l&#8217;installation de son <a rel=\"nofollow noopener\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-november-2022-exchange-server-security-updates\/ba-p\/3669045\" target=\"_blank\">Mises \u00e0 jour du serveur Exchange de novembre 2022<\/a> et que la m\u00e9thode signal\u00e9e cible les syst\u00e8mes vuln\u00e9rables qui n&#8217;ont pas appliqu\u00e9 les derniers correctifs.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/01\/rackspace-confirms-play-ransomware-gang.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80206 janvier 2023\ue804Ravie LakshmananS\u00e9curit\u00e9 cloud \/ Cybermenace Le fournisseur de services cloud Rackspace a confirm\u00e9 jeudi que le gang de ran\u00e7ongiciels connu sous le nom de Jouer \u00e9tait responsable de la violation du mois dernier. L&#8217;incident de s\u00e9curit\u00e9, qui a eu lieu le 2 d\u00e9cembre 2022, a tir\u00e9 parti d&#8217;un exploit de s\u00e9curit\u00e9 jusque-l\u00e0 inconnu [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":545419,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,845,4158,4165,4161,1326,40,4584,4157,4159,4171,4170,4167,4160,4163,4162,8917,137207,4392,27730,911,4172,4169,899,4166,4164],"class_list":["post-545418","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-confirme","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dune","tag-est","tag-gang","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-play","tag-rackspace","tag-ransomware","tag-recente","tag-responsable","tag-securite-informatique","tag-securite-internet","tag-violation","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/545418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=545418"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/545418\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/545419"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=545418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=545418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=545418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}