SecurityWeek

Qualys Confirms Unauthorized Access to Data via Accellion Hack

Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion’s FTA product.

Founded in 1999, the California-based firm serves more than 10,000 customers in over 130 countries around the world, including many of the Forbes Global 100 companies.

Data allegedly stolen from the company, including scan results and financial documents, was published on the “CL0P^_- LEAKS” Tor website this week. Maintained by the operators of the Clop ransomware, the portal is used to publish data stolen from victims unwilling to give in to their ransom demands.

Initially, the website would list data exfiltrated during ransomware attacks, but as of late it has been flooded with data stolen from various organizations that were relying on the Accellion FTA file transfer software.

The data was compromised during a December 2020 cyber-attack that Accellion confirmed earlier this year. A total of four zero-day vulnerabilities were identified in the attack, all of which have already been patched.

In a report published a couple of weeks ago, FireEye’s Mandiant researchers linked the attack to the FIN11 cybercrime group, a TA505 spin-off.

“The exploited vulnerabilities were of critical severity because they were subject to exploitation via unauthenticated remote code execution,” Accellion noted in a report detailing Mandiant’s investigation into the incident.

The company also said the attackers likely reverse engineered the file transfer software, which provided them with “a high level of sophistication and deep familiarity with the inner workings of the Accellion FTA software.”

Following the publication of its data on Clop’s leaks website, Qualys confirmed it was impacted by the Accellion FTA incident, saying that it resulted in “unauthorized access to files hosted on the Accellion FTA server.”

The company also notes that the unauthorized access was limited to the FTA server and that the incident had no “impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.”

The Accellion FTA server, the company explains, was deployed in a segregated DMZ environment, separated from the production customer data environment. Furthermore, Qualys says it applied the released hotfix immediately after receiving it and completely isolated the FTA server after receiving an integrity alert a few days later.

“We immediately notified the limited number of customers impacted by this unauthorized access,” Qualys says, without providing additional information on the compromised data or the number of affected customers.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
