Yesterday, a website called "SolarLeaks" came online, offering for sale data it claims was stolen from victims that have confirmed they were breached in the SolarWinds attack. Last month, it emerged that network management company SolarWinds had suffered a sophisticated cyber-attack affecting many tech and security firms as well as US government organisations.
The affected companies include FireEye, Microsoft and several US government agencies. It was later discovered that SolarWinds had been hacked back in 2019, and Microsoft says that the cyber-crooks had accessed some of its source code.
Now a website, "Solarleaks[.]net", has appeared and claims to be selling the stolen data from Microsoft, Cisco, FireEye, and SolarWinds.
| Company | Details | Price |
|---|---|---|
| Microsoft | Windows (partial) source code and various Microsoft repositories | 600,000 USD |
| Cisco | Multiple products' source code + internal bug tracker dump | 500,000 USD |
| SolarWinds | Products' source code (all, including Orion) + customer portal dump | 250,000 USD |
| FireEye | Private red team tools, source code, binaries and documentation | 50,000 USD |
After the site was seen online, the Cisco team said the following in an advisory:
"Cisco is aware of this website and has no evidence at this time of any theft of intellectual property related to recent events. We are committed to transparency and should we find information our customers need to be aware of, we will share it through our established channels."
Microsoft has yet to comment.
At this time it is not clear whether the site is legitimate, and there is no evidence that its claims are genuine.
The domain is just one day old and was registered through Njalla, a registrar known to have been used by the Russian hacking groups Fancy Bear and Cozy Bear.
Looking at the WHOIS record for solarleaks[.]net, the assigned name servers are interesting: the name server hostname contains the statement "You Can Get No Info". ☺
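The domain-age and registrar observations above are the kind of checks a defender automates when triaging a newly surfaced leak site. The following Python script is an added example, not part of the original article: it parses a WHOIS record in the usual key/value layout, computes how old the domain is, and flags a freshly registered domain or a registrar on a caller-supplied watchlist. The WHOIS record, the domain name, the registrar name and the name servers in it are all constructed placeholders, not the real solarleaks[.]net record.

```python
"""Triage a WHOIS record: extract the fields a defender looks at first
(creation date, registrar, name servers) and flag a freshly registered
domain. The record below is CONSTRUCTED for this example and is not the
real solarleaks[.]net WHOIS output."""
import re
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List

# Constructed sample in the common "Key: value" WHOIS layout (placeholder values).
SAMPLE_WHOIS = """\
Domain Name: SOLARLEAKS.EXAMPLE
Registrar: Example Privacy Registrar (constructed)
Creation Date: 2021-01-11T12:00:00Z
Updated Date: 2021-01-11T12:00:00Z
Registry Expiry Date: 2022-01-11T12:00:00Z
Name Server: NS1.PLACEHOLDER.EXAMPLE
Name Server: NS2.PLACEHOLDER.EXAMPLE
"""

# Date layouts seen in registry WHOIS output; extend as needed.
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d")


def parse_whois(text: str) -> Dict[str, object]:
    """Turn 'Key: value' lines into a dict; repeated 'Name Server' lines become a list."""
    record: Dict[str, object] = {"name_servers": []}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z ]+?):\s*(.+?)\s*$", line)
        if not m:
            continue  # blank lines, comments, and anything without "key: value"
        key, value = m.group(1).strip().lower(), m.group(2)
        if key == "name server":
            record["name_servers"].append(value.lower())
        else:
            record[key] = value
    return record


def parse_date(value: str) -> datetime:
    """Parse a WHOIS timestamp as UTC, trying each known layout in turn."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised WHOIS date: {value!r}")


def domain_age_days(record: Dict[str, object], now: datetime) -> int:
    """Whole days between the registry creation date and 'now' (timezone-aware)."""
    created = parse_date(str(record["creation date"]))
    return (now - created).days


def triage(text: str, now: datetime, young_threshold_days: int = 30,
           registrar_watchlist: FrozenSet[str] = frozenset()) -> Dict[str, object]:
    """Summarise the record and list the findings an analyst would want surfaced."""
    record = parse_whois(text)
    age = domain_age_days(record, now)
    registrar = str(record.get("registrar", ""))
    findings: List[str] = []
    if age < young_threshold_days:
        findings.append(f"domain registered {age} day(s) ago (< {young_threshold_days})")
    if registrar.lower() in registrar_watchlist:
        findings.append(f"registrar on watchlist: {registrar}")
    return {
        "domain": str(record.get("domain name", "")).lower(),
        "age_days": age,
        "registrar": registrar,
        "name_servers": record["name_servers"],  # surfaced as-is for the analyst to eyeball
        "findings": findings,
    }


if __name__ == "__main__":
    # Evaluate the constructed record one day after its constructed creation date.
    now = datetime(2021, 1, 12, 12, 0, 0, tzinfo=timezone.utc)
    result = triage(SAMPLE_WHOIS, now,
                    registrar_watchlist=frozenset({"example privacy registrar (constructed)"}))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The name servers are returned unmodified rather than scored: hostnames like the one the article describes are something an analyst recognises on sight, and any hard-coded pattern would go stale. Swap `SAMPLE_WHOIS` for the output of a real `whois` query and adjust `DATE_FORMATS` to the registry's layout.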