A new website called SolarLeaks appeared on January 12th, claiming without proof to have data that was stolen in the SolarWinds attacks. Among the companies SolarLeaks claims to have data for are Cisco, FireEye, Microsoft and SolarWinds. The website included links to download encrypted files from the mega.nz file hosting service that it claims contain data stolen from the four companies, and it lists various prices from $50,000 USD to $600,000 USD, along with an email address to contact for negotiation. According to reporters, the file download links no longer work, and email sent to the protonmail.com address given is returned as undeliverable. The message on the SolarLeaks website was digitally signed using PGP, but did not use a key that could be publicly verified or attributed to any known threat group. Microsoft admitted in a December 31st blog post that its source code had been accessed during the breach but has said that there was no risk to any services or customer data.
“At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.”
Cisco acknowledged the leak site in a security advisory yesterday and currently believes that no source code has been stolen.
“Cisco is aware of this website and has no evidence at this time of any theft of intellectual property related to recent events. We are committed to transparency and should we find information our customers need to be aware of, we will share it through our established channels.”