{"id":4981,"date":"2021-01-13T16:32:49","date_gmt":"2021-01-13T16:32:49","guid":{"rendered":"https:\/\/blog.gridinsoft.com\/?p=4981"},"modified":"2024-01-05T04:20:35","modified_gmt":"2024-01-05T04:20:35","slug":"experts-discovered-solarleaks-website-with-data-stolen-in-a-recent-massive-hacker-attack","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/experts-discovered-solarleaks-website-with-data-stolen-in-a-recent-massive-hacker-attack\/","title":{"rendered":"Experts discovered SolarLeaks website with data stolen in a recent massive hacker attack"},"content":{"rendered":"<h4>Bleeping Computer reports the discovery of the SolarLeaks website (solarleaks[.]net), where unidentified individuals claim to be selling data allegedly stolen from SolarWinds, Microsoft, Cisco, and FireEye during a recent <a href=\"\/blogs\/microsoft-supernova-and-cosmicgale-malware-detected-on-systems-running-solarwinds\/\">supply chain attack<\/a>.<\/h4>\n<p>Just to recap, in December 2020, it was revealed that unknown hackers attacked SolarWinds, infecting its Orion platform with malware. Out of the 300,000 SolarWinds customers, only 33,000 were using Orion, and the compromised version of the platform was installed on approximately 18,000 customers&#8217; machines, according to official figures.<\/p>\n<blockquote cite=\"the media reported.\" url=\"https:\/\/www.bleepingcomputer.com\/news\/security\/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks\/\"><p>\n  As a result, victims included major entities like Microsoft, Cisco, FireEye, as well as numerous US government agencies, including the US Department of State and the National Nuclear Security Administration.\n<\/p><\/blockquote>\n<p>In early January, the FBI, NSA, CISA, and ODNI issued a joint statement indicating that an unnamed <a href=\"\/apt\">APT group<\/a> of &#8220;probably Russian origin&#8221; was responsible for the extensive attack. 
The SolarWinds hack was described by officials as &#8220;an attempt to gather intelligence.&#8221;<\/p>\n<p>Now, the unknown individuals claim to be ready to sell the following stolen data:<\/p>\n<ul>\n<li>$600,000: Microsoft Windows source codes and other data from the company&#8217;s repositories (2.6 GB);<\/li>\n<li>$500,000: source codes of various Cisco products and an internal bug tracker dump (1.7 GB);<\/li>\n<li>$50,000: private red team FireEye tools, source codes, binaries, and documentation (39 MB);<\/li>\n<li>$250,000: SolarWinds product source code (including Orion) and customer portal dump (612 MB).<\/li>\n<\/ul>\n<p>The hackers offer to sell all this data in bulk for one million dollars. Additionally, the site operators mimic the well-known hack group The Shadow Brokers, stating that initially, the stolen information will be sold in batches, and later, it will be freely published in the public domain.<\/p>\n<p>It&#8217;s noteworthy that while Microsoft representatives previously confirmed the possibility of source code theft, Cisco announced having no evidence of the theft of its intellectual property. The solarleaks[.]net domain is registered through the NJALLA registrar, which <a href=\"https:\/\/securelist.com\/apt-trends-report-q2-2020\/97937\/\" rel=\"noopener nofollow\" target=\"_blank\">is popular with hackers<\/a>. 
Attempting to check WHOIS information results in the message &#8220;You can get no info&#8221;.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"\/blogs\/wp-content\/uploads\/2021\/01\/nameservers.jpg\" alt=\"Experts discovered the SolarLeaks website \" width=\"481\" height=\"95\" class=\"alignnone size-full wp-image-4982\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2021\/01\/nameservers.jpg 481w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2021\/01\/nameservers-300x59.jpg 300w\" sizes=\"auto, (max-width: 481px) 100vw, 481px\" \/><\/p>\n<p>It remains unknown whether the site operators possess the data they claim to have, or if SolarLeaks is an ambitious scam attempt. Journalists attempted to contact the attackers using the email address provided on the website, but it was found to be nonexistent.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"\/blogs\/wp-content\/uploads\/2021\/01\/bounced-email.jpg\" alt=\"Experts discovered the SolarLeaks website \" width=\"850\" height=\"529\" class=\"alignnone size-full wp-image-4983\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2021\/01\/bounced-email.jpg 850w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2021\/01\/bounced-email-300x187.jpg 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2021\/01\/bounced-email-768x478.jpg 768w\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bleeping Computer reports the discovery of the SolarLeaks website (solarleaks[.]net), where unidentified individuals claim to be selling data allegedly stolen from SolarWinds, Microsoft, Cisco, and FireEye during a recent supply chain attack. Just to recap, in December 2020, it was revealed that unknown hackers attacked SolarWinds, infecting its Orion platform with malware. 
Out of the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":4984,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15],"tags":[1529,163,328,97,94,320],"class_list":{"0":"post-4981","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"tag-apt","9":"tag-bleeping-computer","10":"tag-cisco","11":"tag-fireeye","12":"tag-microsoft","13":"tag-solarwinds"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2021\/01\/solarwind.png","author_info":{"display_name":"Vladimir Krasnogolovy","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/krasnogolovy\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/4981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=4981"}],"version-history":[{"count":2,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/4981\/revisions"}],"predecessor-version":[{"id":18778,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/4981\/revisions\/18778"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/4984"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=4981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=4981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=4981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}