Cybersecurity firm Qualys said today that the attackers who breached its Accellion FTA server did not infiltrate the company’s production and corporate environments.
A third-party forensic firm hired to investigate whether the hackers moved laterally into Qualys’ network found no evidence of lateral movement from the hacked file-sharing appliance.
Qualys also noted that the investigation found that the company’s “existing security rules wouldn’t have allowed any such access between the Accellion FTA server and Qualys’ corporate and production environment.”
“As previously noted, the impact on Qualys and our customers is contained to the Accellion FTA server,” said Ben Carr, Qualys Chief Information Security Officer.
“We continue to be confident that there is no impact from this incident on the Qualys production environments (shared platforms and private platforms), codebase, customer data hosted on the Qualys Cloud Platform, Qualys Agents or Scanners.”
According to Qualys, its platforms are fully functional, as the attack did not result in any downtime or operational impact.
These findings independently confirm our conclusion that the impact on Qualys and our customers is contained to these files stored on the Accellion FTA server at the time of the incident. These findings also confirm that this incident did not involve any additional attack vectors beyond the vulnerability used to infiltrate the Accellion FTA server. – Qualys
The Clop ransomware gang posted screenshots of files allegedly stolen from Qualys’ Accellion FTA server after breaching the server in December 2020. The leaked data included invoices, purchase orders, tax documents, and scan reports.
Qualys said that the affected Accellion FTA servers had been shut down, and the company switched to alternative solutions for support-related file transfers.
While Qualys made no mention of a ransom note received from Clop, the ransomware gang’s other victims have received them in the past, according to a FireEye Mandiant report.
It is still unclear whether the Clop ransomware gang is behind the Accellion attacks it published on its data leak site or is partnering with another group to share the files and extort the victims.
A joint statement published by Mandiant and Accellion shed more light on these attacks, linking them to the FIN11 cybercrime group.
BleepingComputer has reported breaches affecting multiple companies and organizations following attacks targeting Accellion FTA.
In addition to the one on cybersecurity firm Qualys’ server, we also reported on attacks on the supermarket giant Kroger, the Reserve Bank of New Zealand, Singtel, QIMR Berghofer Medical Research Institute, the Australian Securities and Investments Commission (ASIC), and the Office of the Washington State Auditor (“SAO”).
Five Eyes members also issued a joint security advisory in February about ongoing attacks and extortion attempts targeting organizations that use vulnerable Accellion File Transfer Appliance (FTA) versions.