In a blog post, chief information security officer Ben Carr said the company's IT team had patched its Accellion FTA server on 22 December, pointing out that this server was deployed in a segregated DMZ environment.
"In addition, Qualys further enhanced security measures by deploying additional patches and enabling additional alerting around the FTA server," Carr said.
"We received an integrity alert on 24 December 2020 and the impacted FTA server was immediately isolated from the network. Accordingly, Qualys shut down the affected Accellion FTA servers and provided alternatives to customers for support-related file transfer."
"Based on this investigation, we immediately notified the limited number of customers impacted by this unauthorised access. The investigation confirmed that the unauthorised access was limited to the FTA server and did not impact any services provided or access to customer data hosted by the Qualys Cloud Platform," Carr claimed.
The media when they hear some security company just had a breach........ pic.twitter.com/ut4o8VuZcq— Lisa Forte (@LisaForteUK) March 3, 2021
He said Qualys had hired Mandiant, a unit of American cyber security company FireEye, to help in the investigation.
Mandiant said in the last week of February that it had identified the attacker behind the Accellion FTA attacks and given him/her the moniker UNC2546.
The attacker is using the website of the Windows Cl0p ransomware group to host data that has been stolen using the Accellion FTA vulnerability.
On 15 February, Singapore telco Singtel was reported to have been hit by a similar attack. Singtel is the owner of Optus, Australia's second biggest telco.
On 25 February, iTWire reported that Transport for NSW had also been affected.
Contacted for comment, Brett Callow, a threat researcher with the New Zealand-headquartered security outfit Emsisoft, told iTWire: "Whether Cl0p was responsible for the Accellion hacks or is simply handling the extortion on behalf of whoever was remains unclear.
"Whatever the case, the more data they publish from Accellion-related incidents, the more likely it is that they also have the data from the other Accellion-related hacks – a list which includes ASIC, the Reserve Bank of New Zealand and the Office of the Washington State Auditor.
"It's important to note that Cl0p frequently uses the data it steals from organisations to spearphish that organisations' customers and business partners.
"This, of course, means that any entities which have done business with an organisation that has experienced an Accellion-related breach should be on high alert. It's likely they will targeted."