SolarLeaks Site Claims to Sell Data Stolen in SolarWinds Attacks

SolarWinds Victims data on Sale


Yesterday, a website "SolarLeaks" came online and selling data that they claim  was stolen form the victims who have confirmed to have been breached by SolarWinds attack. Last month, it was found that network management company SolarWinds suffered a sophisticated cyber-attack, which affects many tech and security firms also US governmental organisation.  

The affecting companies include FireEye, Microsoft and many US governmental wings. Later it was discovered that SolarWinds was hacked back in 2019 and here Microsoft says that cyber-crooks had accessed some of its source code


Now, a website "Solarleaks[.]net, came up and claims to be selling the stolen data from Microsoft, Cisco, FireEye, and SolarWinds.


Company Details Price
Microsoft Windows (partial) source code and various Microsoft repositories 600,000 USD
Cisco Multiple products source code + internal bugtracker dump 500,000 USD
SolarWinds Products source code (all including Orion) + customer portal dump 250,000 USD
FireEye Private Redteam tools, source code, binaries and documentation 50,000 USD

After the site seen online, Cisco team have said following in advisory :-
"Cisco is aware of this website and has no evidence at this time of any theft of intellectual property related to recent events. We are committed to transparency and should we find information our customers need to be aware of, we will share it through our established channels," 

 

But comments from Microsoft is yet to come. 
At the mean time its not clear that site is legitimate and we didn't have any evidence that claim is genuine. 


As the domain is just 1 day old and is been registered through NJALLA,a known registrar used by the Russian hacking groups Fancy Bear and Cozy Bear. 
credit: Bleeping Computer

When you at the WHOIS record for solarleaks[.]net, the assigned name servers is interesting. It looks like Name -Server is stating with the statement "You Can Get No Info". ☺