Thursday, 04 March 2021 11:25

Qualys latest to be attacked through hole in Accellion FTA server

By Sam Varghese

Ben Carr: "All Qualys platforms continue to be fully functional and at no time was there any operational impact." Courtesy Qualys

Security firm Qualys has become the latest to be affected by a breach of a file transfer system manufactured by the firm Accellion, the company says.

In a blog post, chief information security officer Ben Carr said the company's IT team had patched its Accellion FTA server on 22 December, pointing out that this server was deployed in a segregated DMZ environment.

"In addition, Qualys further enhanced security measures by deploying additional patches and enabling additional alerting around the FTA server," Carr said.

"We received an integrity alert on 24 December 2020 and the impacted FTA server was immediately isolated from the network. Accordingly, Qualys shut down the affected Accellion FTA servers and provided alternatives to customers for support-related file transfer."

He said a detailed investigation identified unauthorised access to files hosted on the Accellion server.

"Based on this investigation, we immediately notified the limited number of customers impacted by this unauthorised access. The investigation confirmed that the unauthorised access was limited to the FTA server and did not impact any services provided or access to customer data hosted by the Qualys Cloud Platform," Carr claimed.

He said Qualys had hired Mandiant, a unit of American cyber security company FireEye, to help in the investigation.

Mandiant said in the last week of February that it had identified the attacker behind the Accellion FTA attacks and given him/her the moniker UNC2546.

The attacker is using the website of the Windows Cl0p ransomware group to host data that has been stolen using the Accellion FTA vulnerability.

On 15 February, Singapore telco Singtel was reported to have been hit by a similar attack. Singtel is the owner of Optus, Australia's second biggest telco.

On 25 February, iTWire reported that Transport for NSW had also been affected.

Contacted for comment, Brett Callow, a threat researcher with the New Zealand-headquartered security outfit Emsisoft, told iTWire: "Whether Cl0p was responsible for the Accellion hacks or is simply handling the extortion on behalf of whoever was remains unclear.

"Whatever the case, the more data they publish from Accellion-related incidents, the more likely it is that they also have the data from the other Accellion-related hacks – a list which includes ASIC, the Reserve Bank of New Zealand and the Office of the Washington State Auditor.

"It's important to note that Cl0p frequently uses the data it steals from organisations to spearphish that organisation's customers and business partners.

"This, of course, means that any entities which have done business with an organisation that has experienced an Accellion-related breach should be on high alert. It's likely they will be targeted."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
