Microsoft President Brad Smith has claimed the recent SolarWinds hack is likely to have been the work of at least 1,000 cybercriminals, describing it as the “the largest and most sophisticated attack the world has ever seen".

The SolarWinds attack, uncovered in December 2020, saw hackers use the infrastructure of SolarWinds to distribute trojans to the users of network and applications monitoring platform Orion, compromising 18,000 companies including 425 of the Fortune 500 and the US military according to reports.

In a segment on the US news program 60 Minutes, Smith also claimed that SolarWinds was victim to 4,032 lines of malicious code and the attack originated from command-and-control servers (C&C) located on US soil, making the attack harder to spot.

Smith said: “When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000."

“What we are seeing is the first use of this supply chain disruption tactic against the United States”.

He added: “But it's not the first time we've witnessed it. The Russian government really developed this tactic in Ukraine."

Steven Jupp, founder of technology consultancy High Impact Office, said:“The spyware tools were linked to a hacking group called Turla by Kaspersky, who are a known Russian hacking group. Turla is “thought” to be linked to the Russian domestic security service, the Federal Security Service (FSB).”

“However, we must remember that hackers move in groups and even though there are known overlaps, this could be a member or members of Turla moving to another group and taking the codebase with them.”

“To state over 1,000 engineers were involved is rather like plucking a number out of the air, but there would certainly need to be a large number of actors involved to orchestrate the sheer level and efficiency of the attack.”

Share Story: