The attack by Texan SolarWinds is a decade-long cyberattack.
However, since it was brought to the public's attention, this computer attack may have prevented it from several observations. Indeed, the company would have been alerted several times to vulnerabilities years before. It was even discovered that there had already been another computer attack that preceded the latter.
It can be remembered that negligence was observed on the side of the American company, a negligence that facilitated the computer attack of its Orion software.
This article will also interest you: 3 points to remember from the attack of SolarWinds
Analysis of the malware that infected the network surveillance software provided by SolarWinds showed that this malware is moving very quickly. This is clearly causing an increase in the number of victims affected by this wave of cyberattacks. Because every day we discover a new victim or a new facet of this computer attack. "The level of infection and the impact on U.S. government systems is of particular concern. As a reminder, a backdoor was discovered in the IT monitoring and management software SolarWinds Orion. explains Andy Patrizio, IDG
In addition, a group of hackers recently launched a website called SolarLeaks. According to the latter, via this platform, it will be possible for anyone interested to have access to data from the hacking initiated since the SolarWinds attack. Among the data that can be monetized under these conditions, the source code of Microsoft or Cisco. The price could vary in the area of around $600,000. Hackers also market the cybersecurity company's tools, FireEye, through their platforms, especially RedTeam's up to 50,000.
The data set that was collected during the SolarWinds computer attack and associated companies is sold for about $1 million. Yet some see it as a cyberfake.
Taking into account the aspect of hacking, many computer security specialists do not believe in this sale of data.
"Cisco is aware of the existence of this website and has no evidence at this time of intellectual property theft related to recent events. We are committed to transparency and if we find information that our customers need to know about, we will share it through our channels," said the US company, Cisco.
Why does this seem so unrealistic according to some experts? simply because for a million dollars, it is possible to access data in value well over hundreds of millions of dollars. Too good to be true then.
Research has shown that the domain name of the site supposed to facilitate the sale of data was registered on the NLLA registar, a platform used much more by Russian cyber criminals including Cozy Bear and Fancy Bear.
Following the deactivation of their ProntonMail contacts, cybercriminals give instructions to potential customers: "Our main email and backup addresses have been closed. We understand that you want more information, but we cannot give information for free. That would be an insult to our trusted buyers. However, we can provide examples of data (for all leaks and bonuses) as proof of ownership. As we consider only serious partners, here's how we'll handle requests: Send exactly 100 XMR to the address below, add a payment ID with your email address so we can contact you again. You must encode your email address as 32-byte data in the payment ID." Write it on their website.
Access to an extract of the data recovered during one of the biggest computer attacks of the decade will cost at least $16,000. Even if the authorities and the companies concerned put forward the theory of the scam.
"Although the site is still considered by many to be a scam, Microsoft has strangely begun to detect the encrypted archive allegedly containing their source code like HackTool: Win32/Solardump.A and HackTool: Win32 / Solardump.B," explains the media Bleeping Computer on this subject. "To complicate matters, a copy of The SolarLeak site was created with the same website content, but a different Monero address." Add the latter.
Now access an unlimited number of passwords: