A wave of attacks targeting the Accellion FTA file-sharing application started in December and still continues.
The Clop ransomware gang has been abusing a zero-day vulnerability in Accellion software and posting the stolen data on their data leak site.
These zero-day attacks allowed attackers to steal files and encrypt data stored on enterprise servers belonging to over 100 companies, including Transport for NSW, Singtel, Bombardier, geo-data specialist Fugro, law firm Jones Day, and others.
Cybersecurity firm Qualys is the latest known victim to have suffered a data breach in their Accellion FTA server.
On Tuesday this week, the Clop ransomware gang posted screenshots of purchase orders, invoices, tax documents, scan reports, and other files allegedly belonging to the cybersecurity firm.
As first reported by Valery Marchive of the French cybernews magazine LeMagIT, Qualys had an Accellion FTA device on their network: the device was located at fts-na.qualys.com, and the IP address used by the server belongs to Qualys.
It is unknown whether Qualys received ransom demands from Clop.
In a statement issued yesterday, Qualys confirmed that their Accellion FTA server had been breached and that the breach affected their customers.
The company explained that, because the server was deployed in their DMZ (demilitarized zone), a subnetwork separated from their internal network, Qualys’ production environment was not compromised.
“Qualys has confirmed that there is no impact on the Qualys production environments, codebase, or customer data hosted on the Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational impact.”
Qualys has shut down the affected Accellion FTA servers and moved to alternative file transfer applications.
Clop ransomware is believed to be operated by FIN11, an arm of the notorious Russian cybercrime organization TA505.