Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted data.
In December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal data stored on the server.
Since then, the Clop ransomware gang has been extorting these victims by posting the stolen data on their ransomware data leak site.
As Accellion FTA devices are standalone servers designed to sit outside a network's security perimeter and be accessible to the public, there have been no reported attacks on these devices leading to the compromise of internal systems.
Before today, the known victims extorted by Clop included Transport for NSW, Singtel, Bombardier, geo-data specialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS Group.
Qualys the latest victim to be extorted
Yesterday, the Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports.
As reported by Valery Marchive of LeMagIT and confirmed by BleepingComputer, Qualys had an Accellion FTA device located on their network.
The Accellion FTA device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys. Qualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021.
It’s unknown if Clop sent ransom notes to Qualys about the attack, but other victims have received them in the past, according to a report by Mandiant.
It’s still unclear if the Clop ransomware gang carried out the attacks on Accellion FTA devices or is partnering with another group to share the data and extort victims publicly.
Clop has in the past sent emails to journalists, including BleepingComputer, about new Accellion FTA victims posted to their site.
BleepingComputer contacted Qualys before publication and is awaiting an official statement.