13 January 2021

SolarLeaks website offers data allegedly stolen in SolarWinds hack


A website named SolarLeaks emerged online claiming to sell data stolen from companies that have been breached in recent SolarWinds supply-chain attacks, including Microsoft, FireEye, Cisco and SolarWinds. In a joint statement, the FBI, CISA, and the NSA said that this hack was likely carried out by a Russian state-sponsored threat group whose goal was to steal cloud data like emails and files from compromised organizations.

Now, a website has appeared online offering for sale data allegedly stolen from Microsoft, FireEye, Cisco and SolarWinds. The SolarLeaks website operators claim to be selling Microsoft source code and repositories for $600,000 (last month, the company confirmed that the SolarWinds hackers got access to its source code), as well as source code for multiple Cisco products and Cisco's internal bug tracker ($500,000), source code for all SolarWinds products, including Orion, and a customer portal dump ($250,000), and FireEye’s private RedTeam tools, source code, binaries and documentation ($50,000).

Those who are interested in all of the leaked data can buy it for $1 million.

In a recent update, Cisco said it is aware of the SolarLeaks website; however, the company said that it “has no evidence at this time of any theft of intellectual property related to recent events.”

According to Bleeping Computer, the solarleaks.net domain is registered through NJALLA, a registrar often used by Russia-linked threat actors Fancy Bear and Cozy Bear.

