Files that appear to have originated on servers of the cybersecurity company Qualys were dumped online this afternoon on the Clop ransomware Tor blog on the dark web. Although Qualys declined to comment on the matter after media requests, a company spokeswoman said Qualys was aware of the matter and was investigating.
According to the British portal The Register, some features of cloud-based vulnerability detection technology and its SSL server test page had apparently been victims of a ransomware attack. The exposed documents looked like purchase orders, scan results on customer devices and price quotes. The nature of the files suggests that they were stolen from the administrative side of Qualys’ business and not from its area of operations.
According to the Bleeping Computer portal, Qualys is probably the latest victim to suffer a data breach through a zero-day vulnerability on an Accellion FTA server. In December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed the theft of files stored on the server.
As reported by Valery Marchive of LeMagIT and confirmed by BleepingComputer, Qualys had an Accellion FTA device located on its network.
The Accellion FTA device was at fts-na.qualys.com and the IP address used by the server was assigned to Qualys. Since then, Qualys has decommissioned the FTA device, and Shodan shows that it was last active on February 18, 2021.
With information from international agencies.
See the original post at: https://www.cisoadvisor.com.br/clop-ransomware-publica-documentos-da-qualys-na-dark-web/?rand=59039