The group has set up sites, both on the Internet and the dark web, and published details of what it allegedly possesses, offering the whole lot for US$1 million.
Among the data on offer is the partial source code of Microsoft Windows, source code from multiple Cisco products, source code from SolarWinds products and the FireEye Red Team tools.
The attack on SolarWinds came to light in December 2020, soon after FireEye disclosed on 9 December AEDT that it had been compromised and had its Red Team tools stolen.
Former NSA hacker Jake Williams initially said the whole thing appeared to be a ruse.
Someone claiming to be the attackers behind the SolarWinds breach are "offering" to sell data from their exploits. This looks a lot like the Shadow Brokers TTP of offering to sell data and Guccifer 2.0 as an attribution bluff. 1/2https://t.co/vCaZOBsT9G pic.twitter.com/hkH0QVF4vj
— Jake Williams (@MalwareJake) January 12, 2021
"There's no meat on this bone until more is released," he tweeted. "The only takeaways are: We've seen Russian threat actors use this type of misdirection before to muddy attribution; You shouldn't fall for it. That's it. That's the whole story."
Williams, who now runs his own information security company, Rendition Infosec, added that it looked "a lot like the Shadow Brokers TTP of offering to sell data and Guccifer 2.0 as an attribution bluff".
But he later changed his stance somewhat, writing: "One more thought about #solarLeaks: the alleged sale is only for things that are commercially interesting, not data of intelligence value. The fact that no intelligence data (Treasury, Commerce, etc.) was offered for sale suggests this could be the real group.
"A pureplay scammer would probably offer alleged data from those orgs too. They might even get some other intelligence orgs to bite on the offer. At these prices, nobody is buying any of this commercial data, so still I'm leaning towards attribution misdirection.
"The relevance of 'no data of intelligence value' is just that I don't think most scammers would have thought that through (more data advertised == more opportunities). I'd also expect they'd bring the prices down to a possibly more sane level hoping to get some bites."
The Shadow Brokers surfaced in August 2016 and initially offered to auction exploits they claimed to have taken from the NSA to the highest bidder. In that case, however, the claims proved to be true: the group released samples in 2016 and then, in April 2017, dumped a large cache of Windows exploits on the Web.
Some of them, like the well-known EternalBlue SMB exploit, were used with telling effect in malware like WannaCry.
Despite a long investigation into the Shadow Brokers, the NSA has yet to publicly identify those who make up the group.