Security Market Segment LS
Wednesday, 13 January 2021 09:22

Alleged SolarWinds attackers offer stolen Microsoft, Cisco source code for sale Featured

Alleged SolarWinds attackers offer stolen Microsoft, Cisco source code for sale Image by Gerd Altmann from Pixabay

Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds, say they have data from their exploits which they wish to sell.

The group has set up sites, both on the Internet and the dark web, and published details of what it allegedly possesses, offering the whole lot for US$1 million.

Among the data on offer is the partial source code of Microsoft Windows, source code from multiple Cisco products, source code from SolarWinds products and the FireEye Red Team tools.

The attack on SolarWinds came to light in December, soon after FireEye disclosed on 9 December AEDT that it had been compromised and had its Red Team tools stolen.

Five days later, FireEye published details about attacks using malware which it called SUNBURST; it said this malware had been used to hit both private and public entities, by corrupting the Orion network management software, a product of SolarWinds. 

Former NSA hacker Jake Williams initially said the whole thing appeared to be a ruse.

"There's no meat on this bone until more is released," he tweeted. "The only takeaways are: We've seen Russian threat actors use this type of misdirection before to muddy attribution; You shouldn't fall for it. That's it. That's the whole story."

Williams, who now runs his own information security company, Rendition Infosec, added that it looked "a lot like the Shadow Brokers TTP of offering to sell data and Guccifer 2.0 as an attribution bluff".

But he later changed his stance somewhat, writing: "One more thought about #solarLeaks: the alleged sale is only for things are commercially interesting, not data of intelligence value. The fact that no intelligence data (Treasury, Commerce, etc.) was offered for suggests this could be the real group.

"A pureplay scammer would probably offer alleged data from those orgs too. They might even get some other intelligence orgs to bite on the offer. At these prices, nobody is buying any of this commercial data, so still I'm leaning towards attribution misdirection.

"The relevance of 'no data of intelligence value' is just that I don't think most scammers would have thought that through (more data advertised == more opportunities). I'd also expect they'd bring the prices down to a possibly more sane level hoping to get some bites."

The Shadow Brokers initially offered to sell exploits which they had obtained from the NSA to the highest bidder. However, in that case their claims proved to be true as they later leaked all these exploits on the Web in 2016.

Some of them, like the well-known Eternal Blue exploit, were used with telling effect in malware like WannaCry.

Despite a long investigation into the Brokers, the NSA has yet to determine the identities of those whoe make up the group.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Web Analytics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News