
A large-scale cyber attack on the network monitoring software Orion Platform, which occurred in December 2020, has inflicted enormous damage on US government agencies and large corporations. In addition, SolarLeaks, a site that claims to sell data obtained through cyberattacks, has appeared and claims to provide source code for Orion and Microsoft Windows.
In December, a cyber attack inserted a Trojan horse into an update file for the Orion platform, network monitoring software from security company SolarWinds. Microsoft President Brad Smith said the attack was one of the most serious cyber attacks in the past decade.
According to reports, SolarLeaks, a site alleging to sell data stolen in the SolarWinds attack, has been released. On entering the site, a text message states that materials found through recent adventures can be purchased. Some of the Windows source code and Microsoft repositories are priced at $600,000. Accessing the URL of the cloud storage site posted as a link to the Windows source code prompts the visitor to enter an encryption key.
Microsoft acknowledges that its product source code may have been stolen in attacks on the company through the Orion platform. In addition to Microsoft's, SolarLeaks sells source code and data from Cisco, from SolarWinds, the developer of the Orion platform used in the attacks, and from FireEye, a renowned security company. At the bottom of the site there is also an email address given as contact information. However, a message actually sent to that address is returned with a notice that the email address doesn't exist. The SolarLeaks domain is said to have been registered with the domain registration service Njalla, which is frequently used by Fancy Bear, a group of Russian government hackers.
According to investigations so far, the attack on SolarWinds involves a group of hackers, UNC2452, suspected of receiving support from Russian government agencies. A search for SolarLeaks in Whois, a domain owner lookup service, revealed a server with a name that seemed to mock the searcher, saying "You Can Get No Info."