The hackers behind the SolarWinds attack have now put up a website to sell the data they stole in the earlier hack. They have listed data belonging to Microsoft, Cisco, FireEye, and SolarWinds itself, all of which can be bought for $1 million, or in batches if buyers prefer. Domain registration details suggest the hackers may be from Russia, and are most probably an APT group.
SolarWinds Hackers Selling Stolen Data
The SolarWinds hack was one of the notable incidents in cyberspace in 2020. After Zerologon, the SolarWinds hack was deemed so critical that the FBI, CISA, and DHSA issued a joint statement warning about the incident. Now, the hacker group behind this incident has shown up for business.
A new site named solarleaks.net was spotted in the wild. It has a single static page selling the data stolen in the SolarWinds attack. The sellers have listed four victims, namely Microsoft, Cisco, SolarWinds, and FireEye, and they claim to give away all of the stolen data for $1 million.
Alternatively, interested buyers can purchase in batches and pick exactly what they want. In the case of Microsoft, they’re selling source code repositories, 2.6GB in size, for $600,000. Microsoft revealed earlier that the SolarWinds hackers had accessed its source code, but didn’t alter anything.
For Cisco, it’s the source code of multiple Cisco products and a dump of the internal tracker for half a million dollars. For FireEye, it’s all the private red team tools, binaries, and documentation, 39MB of data, for $50,000. And finally, for SolarWinds itself, the hackers are selling its product source code plus a customer portal dump for $250,000.
While the perpetrators behind this are not known for certain, researchers and agencies point to a Russian state-backed group, APT 29. Also, the domain registration details pulled for solarleaks show the registrar to be NJALLA, a well-known registrar used by the Fancy Bear and Cozy Bear groups.