Compromiseseverity: Medium2023-01-23
A10 Networks breached by Play ransomware affiliates
published by BleepingComputer
Actor
Closed-group ransomware operation (no public affiliate program) active since mid-2022, named for the '.play' extension appended to encrypted files. Heavy exploitation of FortiOS SSL-VPN flaws and Mic…
Summary
Networking-hardware vendor A10 Networks disclosed that a Play ransomware affiliate accessed its shared drives and exfiltrated human-resources, finance, and legal data during a brief intrusion on 23 January 2023. A10 said operational systems and customers were not affected; Play listed the company on its leak site shortly afterwards.
Tags
data-extortionvendor
Primary source
bleepingcomputer.comOther Play events
- 2025-06-04CISA documents Play ESXi variant and per-victim recompilation
- 2023-12-18Joint CISA/FBI/ASD advisory AA23-352A on Play ransomware
- 2023-02-08City of Oakland ransomware attack claimed by Play
- 2022-12-23Arnold Clark customer data stolen in Play ransomware attack
- 2022-12-02Rackspace Hosted Exchange outage caused by Play ransomware