Qualys Accellion FTA Breached

Following a recent trend of breaches on security firms, as most in the security community by now know, an Accellion File Transfer Appliance (FTA) server of Qualys was breached, possibly dating back to December 2020. 

Accellion FTA is an appliance that helps organizations to transfer files. In the specific case of Qualys, this server has been deployed in a segregated DMZ environment, and as officially communicated by Qualys, this system has been deployed separated from other critical systems. 

As of now, the investigations are still ongoing within Qualys, while other parties are conducting threat research on the specific zero-day vulnerabilities present on the exploited platform, which, according to multiple sources, malicious actors started exploiting since December 2020. 

As pointed out by the current research on the exploitation of the zero-day vulnerabilities on the Accellion FTA systems, the motivation for such attacks, which seemed at first unclear, now appear to be financially motivated as victims have received extortion emails from an actor who claims to be associated with the Clop ransomware team. 

According to different sources, this specific breach has come to light on March 3rd, 2021, when screenshots of data supposedly belonging to Qualys have been posted online. This is yet another clear example that, no matter how secure you believe you are, there is always room for improvement. 

Last evening, on March 3rd, Kahuna directly informed our customers of the data breach that was reported and updated the information after the Qualys statement was released.