A website named SolarLeaks emerged online claiming to sell data stolen from companies that have been breached in recent SolarWinds supply-chain attacks, including Microsoft, FireEye, Cisco and SolarWinds. In a joint statement, the FBI, CISA, and the NSA said that this hack was likely carried out by a Russian state-sponsored threat group whose goal was to steal cloud data like emails and files from compromised organizations.
Now, a website has appeared online offering for sale data allegedly stolen from Microsoft, FireEye, Cisco and SolarWinds. The SolarLeaks website operators claim to be selling Microsoft source code and repositories for $600,000 (last month, the company confirmed that the SolarWinds hackers got access to its source code), as well as source code for multiple Cisco products and its internal bug tracker ($500,000), source code for SolarWinds’ products (all, including Orion) and a customer portal dump ($250,000), and FireEye’s private RedTeam tools, source code, binaries and documentation ($50,000).
Those interested in all of the leaked data can buy it for $1 million.
In a recent update, Cisco said it is aware of the SolarLeaks website. However, the company said that it “has no evidence at this time of any theft of intellectual property related to recent events.”
According to Bleeping Computer, the solarleaks.net domain is registered through NJALLA, a registrar often used by Russia-linked threat actors Fancy Bear and Cozy Bear.