Microsoft: ‘More than 1,000 engineers’ executed SolarWinds attack

The company's president Brad Smith says the ongoing hack is the 'largest and most sophisticated the world has ever seen'

A group of hackers behind the Russian flag

The infamous SolarWinds supply chain attack that infected the networks of up to 18,000 government and private organisations was the most sophisticated ever recorded in history, Microsoft’s president Brad Smith has claimed.

In its in-depth analysis of the attack following its disclosure, Microsoft has identified that more than 1,000 engineers were involved in executing the attacks in full, according to Smith in conversation with CBS News.

The firm has assigned 500 engineers itself to investigate the attack, with one of these individuals comparing it to a Rembrandt painting with more details emerging the closer they looked at it, he added.

“SolarWinds Orion is one of the most ubiquitous software products you probably never heard of, but to thousands of IT departments worldwide, it's indispensable,” Smith told CBS News’ 60 Minutes.

"It's made up of millions of lines of computer code. 4,032 of them were clandestinely re-written and distributed to customers in a routine update, opening up a secret backdoor to the 18,000 infected networks. 

“When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.”

A drip-feed of information has emerged since the attack was first made public towards the end of 2020, with details around the scale of the disruption and method of infiltration becoming clearer as several investigations progress.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Although SolarWinds confirmed on 14 December that it had fallen victim to the attack, we’ve since learned that hackers had infiltrated the company as far back as September 2019. There were also at least four separate strains of malware used in the attack, with a fourth discovered by Symantec towards the end of last month. 

What ensued was a cyber-rampage in which hundreds of victims were compromised among the 18,000 suspected as having been infected by the malicious Orion platform update. Attackers even managed to view Microsoft source code as part of their activities.

The US government, meanwhile, has blamed Russia for orchestrating the attack.

“I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Brad Smith continued, adding that attacks are “almost certainly” continuing today.

SolarWinds recently revealed it’s in the process of boosting its cyber security capabilities following the devastating attack, expanding its staff count, techniques as well as internal processes. Security advisor Alex Stamos, who was also recruited by Zoom to quash its security woes last year, will be leading these efforts.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
What is cyber warfare?
Security

What is cyber warfare?

23 Mar 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021