Qualys Confirms Unauthorized Access to Data via Accellion Hack

Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion’s FTA product.

Founded in 1999, the California-based firm serves more than 10,000 customers in over 130 countries around the world, including many of the Forbes Global 100 companies.

Data allegedly stolen from the company, including scan results and financial documents, was published on the “CL0P^_- LEAKS” Tor website this week. Maintained by the operators of the Clop ransomware, the portal is used to publish data stolen from victims unwilling to give in to their ransom demands.

Initially, the website would list data exfiltrated during ransomware attacks, but as of late it has been flooded with data stolen from various organizations that were relying on the Accellion FTA file transfer software.

The data was compromised during a December 2020 cyber-attack that Accellion confirmed earlier this year. A total of four zero-day vulnerabilities were identified in the attack, all of which have already been patched.

In a report published a couple of weeks ago, FireEye’s Mandiant researchers linked the attack to the FIN11 cybercrime group, a TA505 spin-off.

“The exploited vulnerabilities were of critical severity because they were subject to exploitation via unauthenticated remote code execution,” Accellion noted in a report detailing Mandiant’s investigation into the incident.

The company also said the attackers likely reverse engineered the file transfer software, which provided them with “a high level of sophistication and deep familiarity with the inner workings of the Accellion FTA software.”

After its data was published on Clop’s leak website, Qualys confirmed that it was impacted by the Accellion FTA incident, saying that it resulted in “unauthorized access to files hosted on the Accellion FTA server.”

The company also notes that the unauthorized access was limited to the FTA server and that the incident had no “impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.”

The Accellion FTA server, the company explains, was deployed in a segregated DMZ environment, separated from the production customer data environment. Furthermore, Qualys says it applied the released hotfix immediately after receiving it and completely isolated the FTA server after receiving an integrity alert a few days later.

“We immediately notified the limited number of customers impacted by this unauthorized access,” Qualys says, without providing additional information on the compromised data or the number of affected customers.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
