Security Market Segment LS
Wednesday, 13 January 2021 09:22

Alleged SolarWinds attackers offer stolen Microsoft, Cisco source code for sale Featured

Alleged SolarWinds attackers offer stolen Microsoft, Cisco source code for sale Image by Gerd Altmann from Pixabay

Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds, say they have data from their exploits which they wish to sell.

The group has set up sites, both on the Internet and the dark web, and published details of what it allegedly possesses, offering the whole lot for US$1 million.

Among the data on offer is the partial source code of Microsoft Windows, source code from multiple Cisco products, source code from SolarWinds products and the FireEye Red Team tools.

The attack on SolarWinds came to light in December, soon after FireEye disclosed on 9 December AEDT that it had been compromised and had its Red Team tools stolen.

Five days later, FireEye published details about attacks using malware which it called SUNBURST; it said this malware had been used to hit both private and public entities, by corrupting the Orion network management software, a product of SolarWinds. 

Former NSA hacker Jake Williams initially said the whole thing appeared to be a ruse.

"There's no meat on this bone until more is released," he tweeted. "The only takeaways are: We've seen Russian threat actors use this type of misdirection before to muddy attribution; You shouldn't fall for it. That's it. That's the whole story."

Williams, who now runs his own information security company, Rendition Infosec, added that it looked "a lot like the Shadow Brokers TTP of offering to sell data and Guccifer 2.0 as an attribution bluff".

But he later changed his stance somewhat, writing: "One more thought about #solarLeaks: the alleged sale is only for things are commercially interesting, not data of intelligence value. The fact that no intelligence data (Treasury, Commerce, etc.) was offered for suggests this could be the real group.

"A pureplay scammer would probably offer alleged data from those orgs too. They might even get some other intelligence orgs to bite on the offer. At these prices, nobody is buying any of this commercial data, so still I'm leaning towards attribution misdirection.

"The relevance of 'no data of intelligence value' is just that I don't think most scammers would have thought that through (more data advertised == more opportunities). I'd also expect they'd bring the prices down to a possibly more sane level hoping to get some bites."

The Shadow Brokers initially offered to sell exploits which they had obtained from the NSA to the highest bidder. However, in that case their claims proved to be true as they later leaked all these exploits on the Web in 2016.

Some of them, like the well-known Eternal Blue exploit, were used with telling effect in malware like WannaCry.

Despite a long investigation into the Brokers, the NSA has yet to determine the identities of those whose make up the group.

Read 8505 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News