SolarWinds: Intruders sell Windows source code and FireEye attack tools

Source: Heise.de, added 14 Jan 2021

Criminals broke into companies such as FireEye and Microsoft and into numerous US government agencies via a back door in the SolarWinds Orion network management software. Now they are supposedly selling their loot on a website called SolarLeaks: 600,000 US dollars for Windows source code, 500,000 for the source code of Cisco products; and the hand-crafted attack tools of the security company FireEye are offered at the bargain price of 50,000 US dollars.

Authenticity doubtful

The site tries to make an authentic impression from the outside. For example, it carries a valid PGP signature; however, that allows no conclusions about the author. The operators of the site also provide no evidence of the authenticity of the data: every fact they present could have been gathered from media reports. So the whole thing could just as well be a fake.

Whether the offers are genuine is still doubtful; the links are already dead.

Nothing will come of the sale of the data packages for the time being. The hoster Mega has already blocked the download links for the encrypted packages, and the ProtonMail account given for contacting the blackmailers has reportedly been blocked as well.

Really espionage?

In a joint statement, the FBI, CISA and the NSA name an Advanced Persistent Threat group (APT) of “probably Russian origin” as the originator of the SolarWinds break-in and of the subsequent intrusions at American corporations and government agencies. The incidents are generally classified as state-organized espionage.

At first glance, an espionage background to the break-ins does not quite fit the current offer, which is more reminiscent of the methods of conventional cybercrime gangs. But that is not so extraordinary. In 2016, for example, an APT group succeeded in stealing the NSA’s crown jewels in the form of highly specialized attack tools. Some time later, the dubious Shadow Brokers offered these NSA-internal intrusion tools for sale.

Incidentally, the Shadow Brokers later published, among other things, the NSA exploit EternalBlue, which helped the malware WannaCry and NotPetya cause billions in damages. Let’s see what happens next week: the authors of the SolarLeaks site promise to provide more information.

(ju)

Read the full article at Heise.de
