{
	"id": "ae87e0cf-7141-4147-be3e-f8639b913ad8",
	"created_at": "2026-04-06T00:06:59.727033Z",
	"updated_at": "2026-04-10T13:12:40.114955Z",
	"deleted_at": null,
	"sha1_hash": "5352f89c0a9f225020f21baeba598806eb3198be",
	"title": "Cybersecurity firm Qualys is the latest victim of Accellion hacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2537714,
	"plain_text": "Cybersecurity firm Qualys is the latest victim of Accellion hacks\r\nBy Lawrence Abrams\r\nPublished: 2021-03-03 · Archived: 2026-04-05 16:04:00 UTC\r\nCybersecurity firm Qualys is likely the latest victim to have suffered a data breach after a zero-day vulnerability in\r\ntheir Accellion FTA server was exploited to steal hosted files.\r\nIn December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that\r\nallowed attackers to steal files stored on the server.\r\nSince then, the Clop ransomware has been extorting these victims by posting the stolen data on their ransomware data leak\r\nsite.\r\nhttps://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAs Accellion FTA devices are standalone servers designed to be outside the security perimeter of a network and accessible to\r\nthe public, there have been no reported attacks on these devices leading to internal systems compromise.\r\nBefore today, the known victims extorted by Clop include Transport for NSW, Singtel, Bombadier, geo-data\r\nspecialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS\r\nGroup.\r\nQualys the latest victim to be extorted\r\nYesterday, the Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The\r\nleaked data includes purchase orders, invoices, tax documents, and scan reports.\r\nAs reported by Valery Marchive of LegMagIT and confirmed by BleepingComputer, Qualys had an Accellion FTA device\r\nlocated on their network.\r\nThe Accellion FTA device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys.\r\nQualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021.\r\nIt is unknown if Clop sent ransom notes to Qualys regarding the attack, but other victims have received them in the past,\r\naccording to a report by Mandiant.\r\nRansom note sent to Accellion FTA victims\r\nIt is still unclear if the Clop ransomware gang performed the attacks on Accellion FTA devices or is partnering with another\r\ngroup to share the files and extort victims publicly.\r\nClop has in the past sent emails to journalists, including BleepingComputer, about new Accellion FTA victims posted to\r\ntheir site.\r\nBleepingComputer has contacted Qualys before publication and are awaiting an official statement.\r\nQualys confirms Accellion FTA breach\r\nIn a statement issued tonight, Qualys has confirmed that their Accellion FTA server was breached in December 2020 and\r\naffected a limited amount of customers.\r\nAs the server was deployed in their DMZ, which is segregated from their internal network, Qualys' product environment was\r\nnot compromised.\r\n\"New information has come out today related to a previously identified zero-day exploit in a third-party solution, Accellion\r\nFTA, that Qualys deployed to transfer information as part of our customer support system.\"\r\n\"Qualys has confirmed that there is no impact on the Qualys production environments, codebase or customer data hosted on\r\nthe Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational\r\nimpact.\"\r\nhttps://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/\r\nPage 3 of 4\n\n\"Qualys had deployed the Accellion FTA server in a segregated DMZ environment, completely separate from systems that\r\nhost and support Qualys products to transfer information as part of our customer support system,\" Qualys disclosed in a\r\nsecurity incident notice today.\r\nQualys states that they have shut down the affected Accellion FTA servers and switched to alternative applications for\r\nsupport-related file transfers.\r\nAt this time, Qualys is still investigating the breach and has hired Mandiant to assist them.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/\r\nhttps://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/"
	],
	"report_names": [
		"cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775434019,
	"ts_updated_at": 1775826760,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5352f89c0a9f225020f21baeba598806eb3198be.pdf",
		"text": "https://archive.orkl.eu/5352f89c0a9f225020f21baeba598806eb3198be.txt",
		"img": "https://archive.orkl.eu/5352f89c0a9f225020f21baeba598806eb3198be.jpg"
	}
}