Cybersecurity firm Qualys likely latest victim of Accellion hacks

DID YOU KNOW: 1 in 13 web requests lead to malware. Keep all your devices safe with Malwarebytes a Complete Cyber Security Solution.

Malwarebytes - Complete Protection

Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.

In December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal files stored on the server.

Since then, the Clop ransomware has been extorting these victims by posting the stolen data on their ransomware data leak site.

As Accellion FTA devices are standalone servers designed to be outside the security perimeter of a network and accessible to the public, there have been no reported attacks on these devices leading to internal systems compromise.

Before today, the known victims extorted by Clop include Transport for NSWSingtel, Bombadier, geo-data specialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS Group.

Qualys the latest victim to be extorted

Yesterday, the Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports.

As reported by Valery Marchive of LegMagIT and confirmed by BleepingComputer, Qualys had an Accellion FTA device located on their network.

The Accellion FTA device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys. Qualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021.

It is unknown if Clop sent ransom notes to Qualys regarding the attack, but other victims have received them in the past, according to a report by Mandiant.

Ransom note sent to Accellion FTA victims
Ransom note sent to Accellion FTA victims

It is still unclear if the Clop ransomware gang performed the attacks on Accellion FTA devices or is partnering with another group to share the files and extort victims publicly.

Clop has in the past sent emails to journalists, including BleepingComputer, about new Accellion FTA victims posted to their site.

BleepingComputer has contacted Qualys before publication and are awaiting an official statement.

Your ISP can and is tracking your the sites you access. Mask your digital footprint and help stop tracking on all your devices with a VPN.

NordVPN - Private Internet Access


Source – Bleepingcomputer.com

Scroll to top