Articles Uncategorized A website has appeared on the network, which allegedly...

A website has appeared on the network, which allegedly sells data stolen as a result of the SolarWinds hack


Bleeping Computer writes that SolarLeaks (solarleaks [.] Net) has appeared on the network, where unknown persons sell data that was allegedly stolen from Microsoft, Cisco, FireEye and SolarWinds during a recent attack on the supply chain .

Let me remind you that in December 2020 it became known that unknown attackers attacked SolarWinds and infected its Orion platform with malware. Of the 300,000 SolarWinds customers, only 33,000 were using Orion, and the infected version of the platform was installed on approximately 18,000 customers, according to official figures.

As a result, the victims included such giants as Microsoft, Cisco, FireEye, as well as many US government agencies, including the State Department and the National Nuclear Security Administration.

In early January, the FBI, NSA, CISA and ODNI issued a joint statement according to which an unnamed APT group of “probably Russian origin” was behind the massive attack. The SolarWinds hack itself was described by officials as “an attempt to gather intelligence.”

Now unknown persons report that they are ready to sell the following stolen data:

  • $ 600,000: Microsoft Windows source code and other data from the company’s repositories (2.6 GB);
  • $ 500,000: source codes for various Cisco products and an internal bug tracker dump (1.7 GB);
  • $ 50,000: private red team FireEye tools, source codes, binaries and documentation (39 MB);
  • $ 250,000: SolarWinds product source code (including Orion) and customer portal dump (612 MB).

Hackers offer to buy all this data in bulk for one million dollars. In addition, the site operators act like the well-known hack group The Shadow Brokers and write that at first the stolen information will be sold in batches, and later it will be freely published in the public domain.

It should be noted that if Microsoft representatives previously confirmed that attackers could steal the source codes, then Cisco announced that it has no evidence of theft of its intellectual property.

Interestingly, the solarleaks [.] Net domain is registered through the NJALLA registrar, which is popular with hackers. So, when you try to look at WHOIS, you can see the message “You can get no info”.

It is not yet known whether the site operators actually have the data they are writing about, or if SolarLeaks is just a very ambitious scam attempt. Journalists attempted to contact the attackers at the email address indicated on the website, but it turned out that it did not exist.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you