- Cloud security firm Qualys confirmed it was the subject of a data breach related to the zero-day exploit in the Accellion FTA file transfer platform, which the cybersecurity firm used for customer support, the company announced Wednesday.
- Qualys said the breach had no impact on its production environments, code base or customer data hosted on the Qualys Cloud Platform, according to a blog by Ben Carr, CISO at the cybersecurity firm.
- Qualys has retained FireEye Mandiant to help it further investigate the incident, which involved a zero-day vulnerability that Accellion discovered on Dec. 21 in another customer’s environment. Qualys applied a hotfix the following day and deployed additional patches along with additional security measures, the company said.
The disclosures Wednesday came just hours after the Clop ransomware gang began posting documents, including purchase orders, business scans and other forms that involved customers of Qualys on the Dark Web.
It raises the possibility that Qualys is the latest victim of a ransomware attempt, as the gang has threatened to release information stolen from numerous other companies, law firms and other entities that were impacted by the Accellion breach.
"Qualys had deployed the Accellion FTP server in a segregated DMZ environment, completely separate from systems that host and support Qualys products to transfer information as part of our customer support system," Carr wrote in the blogpost. "Qualys chose the Accellion FTA solution for encrypted temporary transfer of manually uploaded files."
After applying the hotfix and additional patches in late December, Carr said Qualys received an integrity alert on Dec. 24 and the FTA server was isolated from the network. Qualys later shut down the Accellion FTA servers and provided customers with alternatives for file transfer.
The threat actor likely only released a few of the documents they have in their possession, just to demonstrate that they gained access to certain files, according to researchers from security firm Black Kite.
"I don’t know the full extent of what they got off the file share, but it has the potential to affect Qualys customers," Bob Maley, chief security officer from Black Kite said.
Qualys represents the latest in a string of companies and other organizations impacted by the Accellion breach. Grocery chain Kroger, the law firm of Jones Day, the Reserve Bank of New Zealand and the Office of the Washington State Auditor are among the dozens of entities impacted by the breach.
Starting in December, malicious actors began to exploit a vulnerability in Accellion FTA to install a web shell called DEWMODE, according to a blogpost by FireEye.