Qualys Confirms Unauthorized Access to Data via Accellion Hack

Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion’s FTA product.

Founded in 1999, the California-based firm serves more than 10,000 customers in over 130 countries around the world, including many of the Forbes Global 100 companies.

Data allegedly stolen from the company, including scan results and financial documents, was published on the “CL0P^_- LEAKS” Tor website this week. Maintained by the operators of the Clop ransomware, the portal is used to publish data stolen from victims unwilling to give in to their ransom demands.

Initially, the website would list data exfiltrated during ransomware attacks, but as of late it has been flooded with data stolen from various organizations that were relying on the Accellion FTA file transfer software.

The data was compromised during a December 2020 cyber-attack that Accellion confirmed earlier this year. A total of four zero-day vulnerabilities were identified in the attack, all of which have already been patched.

In a report published a couple of weeks ago, FireEye’s Mandiant researchers linked the attack to the FIN11 cybercrime group, a TA505 spin-off.

“The exploited vulnerabilities were of critical severity because they were subject to exploitation via unauthenticated remote code execution,” Accellion noted in a report detailing Mandiant’s investigation into the incident.

The company also said the attackers likely reverse engineered the file transfer software, which provided them with “a high level of sophistication and deep familiarity with the inner workings of the Accellion FTA software.”

Following the publication of its data on Clop’s leak website, Qualys confirmed that it was impacted by the Accellion FTA incident, saying that it resulted in “unauthorized access to files hosted on the Accellion FTA server.”

The company also notes that the unauthorized access was limited to the FTA server and that the incident had no “impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.”

The Accellion FTA server, the company explains, was deployed in a segregated DMZ environment, separated from the production customer data environment. Furthermore, Qualys says it applied the released hotfix immediately after receiving it and completely isolated the FTA server after receiving an integrity alert a few days later.

“We immediately notified the limited number of customers impacted by this unauthorized access,” Qualys says, without providing additional information on the compromised data or the number of affected customers.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
