A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof Rackspace customers' domains as part of its operations. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users.