SolarLeaks website offers data allegedly stolen in SolarWinds hack

A website named SolarLeaks has emerged online, claiming to sell data stolen from companies breached in the recent SolarWinds supply-chain attacks, including Microsoft, FireEye, Cisco and SolarWinds. In a joint statement, the FBI, CISA, and the NSA said that this hack was likely carried out by a Russian state-sponsored threat group whose goal was to steal cloud data like emails and files from compromised organizations.

Now, a website has appeared online that is offering for sale data allegedly stolen from Microsoft, FireEye, Cisco and SolarWinds. The SolarLeaks website operators claim to be selling Microsoft source code and repositories for $600,000 (last month, the company confirmed that the SolarWinds hackers got access to its source code), as well as source code for multiple Cisco products and an internal bug tracker ($500,000), source code for SolarWinds products (all, including Orion) and a customer portal dump ($250,000), and FireEye’s private RedTeam tools, source code, binaries and documentation ($50,000).

Those who are interested in all of the leaked data can buy it for $1 million.

In a recent update, Cisco said it is aware of the SolarLeaks website. However, the company said that it “has no evidence at this time of any theft of intellectual property related to recent events.”

According to Bleeping Computer, the solarleaks.net domain is registered through NJALLA, a registrar often used by Russia-linked threat actors Fancy Bear and Cozy Bear.

