Cybersecurity firm Qualys suffers a data breach where threat actors exploit a zero-day vulnerability in their Accellion FTA server.
Cybersecurity firm Qualys suffers a data breach where threat actors exploit a zero-day vulnerability in their Accellion FTA server.
The wave of attacks began in mid-December 2020. The threat actors exploited multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software to deploy a shell dubbed DEWMODE on the target networks.
The attackers exfiltrated sensitive data from the target systems and then published it on the Clop ransomware gang’s leak site.
Yesterday, the Clop ransomware gang postedscreenshots of files allegedly stolen from the cybersecurity firm Qualys. The leaked data includes purchase orders, scan reports, tax documents and invoices.
The cybersecurity firm had an Accellion FTA device located on their network.
“The Accellion FTA device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys. Qualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021,” reported BleepingComputer.
According to Mandiant, it is unclear if Clop sent ransom notes to the firm regarding the attack because other victims have received them in the past.
It is still unclear if the Clop ransomware gang performed the attacks on Accellion FTA devices or is partnering with another group to publicly share the files and extort victims.
Qualys confirmed in a statement that their Accellion FTA server was breached in December 2020 and affected a limited number of customers.
The company confirmed that no impact on the production environments, codebase or customer data hosted on the Qualys Cloud Platform. Qualys platforms remained to be fully functional, and there was no operational impact.
The firm reported that they have shut down all the affected Accellion FTA servers and switched to alternative applications for support-related files.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?