Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents.
Qualys has revealed that a “limited” number of customers may have been impacted by a data breach connected to an Accellion zero-day vulnerability.
Founded in 1999, the California-based firm serves more than 10,000 customers in over 130 countries around the world, including many of the Forbes Global 100 companies.
The cloud security and compliance firm said on Wednesday that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the company.
Hours after the Clop ransomware gang published data allegedly stolen from information security and compliance solutions provider Qualys, the company has confirmed being impacted by the recent cyberattack involving Accellion’s FTA product.
As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared screenshots of files belonging to the company’s customers on a publicly accessible data leak website operated by the CLOP ransomware gang.
In December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal files stored on the server.
Accellion File Transfer Appliance (FTA) is enterprise-grade software used for file transfers. In December 2020, FireEye’s Mandiant discovered that the Clop ransomware group was exploiting previously-unknown vulnerabilities in the legacy software to extort organizations, threatening to leak sensitive data stolen from vulnerable servers unless a ransom was paid.
It is still unclear if the Clop ransomware gang performed the attacks on Accellion FTA devices or is partnering with another group to share the files and extort victims publicly.
Accellion says it has worked “around the clock to develop and release patches that resolve each identified FTA vulnerability and support our customers affected by this incident.”
“We immediately notified the limited number of customers impacted by this unauthorized access,” Qualys says, without providing additional information on the compromised data or the number of affected customers.