SolarLeaks site claims to sell data stolen in SolarWinds attacks

Yesterday, an individual or individuals claimed that they were selling information stolen from companies known to have been compromised by the SolarWinds attack.

But was the offer real or is it a scam?

Part of announcement of web site.


Lawrence Abrams reports on the site and the question of whether it is legitimate or not. As part of his reporting, he cites a statement from Cisco :

Cisco is aware of this website and has no evidence at this time of any theft of intellectual property related to recent events. We are committed to transparency and should we find information our customers need to be aware of, we will share it through our established channels.

Interestingly, he mentions two observations that suggest that it could be real: a tweet that points out that they use a domain registrar this a known registrar used by the Russian hacking groups Fancy Bear and Cozy Bear.

Abrams also notes that Jake Williams of Rendition Infosec pointed out in a tweet that the sale of commercially valuable data rather than intel stolen from government agencies might indicate that this is a real group with a real sale. reached out to FireEye for their reaction to the claimed sale of their red team tools. A spokesperson informed that they are looking into the claims about their red team tools, but commented that “It feels like a scam.”

It feels like a scam to this blogger, too, but we’ll see.

About the author: Dissent

Comments are closed.