Cybersecurity firm Qualys breached using Accellion hacks


Cybersecurity firm Qualys has suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.

In December, the Accellion FTA file-sharing application was targeted by several attacks using a zero-day vulnerability that allowed attackers to steal files stored on the server.

Since then, the Clop ransomware has been extorting its victims by posting the stolen data on their ransomware data leak site.

Accellion FTA devices are standalone servers designed to sit outside a network's security perimeter and be accessible to the public. Hence, there have been no reported attacks on these devices leading to the compromise of internal systems.

Some of the earlier victims extorted by Clop include Transport for NSW, Singtel, Bombardier, geo-data specialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS Group.

Now, the ransomware group has posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports.

It was confirmed that Qualys had an Accellion FTA device on its network. The device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys.

Qualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021.

It is not known whether the Clop ransomware gang has sent ransom notes to Qualys regarding the attack, although their other victims have received them.

It is also unclear whether the gang performed the attacks on Accellion FTA devices itself or is partnering with another group that shares the stolen files so that the victims can be extorted publicly.

Qualys later confirmed that its Accellion FTA server was breached in December 2020 and that the breach had impacted a few customers.

As the server was deployed in their DMZ, which is segregated from their internal network, Qualys’ product environment was not compromised.

They also confirmed that all Qualys platforms continue to be fully functional and at no time was there any operational impact.

Qualys has shut down the affected Accellion FTA servers and switched to alternative applications for support-related file transfers. The company is currently investigating the breach and has hired Mandiant to assist with the investigation.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News