Microsoft Says Over 1,000 Developers Worked on SolarWinds Attack


In an interview with CBS News, Microsoft President Brad Smith said the recent attack on SolarWinds was “the largest and most sophisticated he has ever seen.” According to him, the analysis of the hack carried out by the company’s specialists suggests that more than 1,000 developers worked on this attack.

At the same time, Smith says that the attackers rewrote only 4032 lines of code in Orion, which contains millions of lines of code.

Let me remind you that in December 2020 it became known that unknown hackers had attacked SolarWinds and infected its Orion platform with malware. Of the 300,000 SolarWinds customers, only 33,000 were using Orion, and the infected version of the platform was installed by approximately 18,000 customers, according to official figures.

As a result, the victims included such giants as Microsoft, Cisco, FireEye, as well as many US government agencies, including the State Department and the National Nuclear Security Administration.

Smith said that more than 500 Microsoft engineers are working on the analysis of this incident, but many more specialists “worked” on the side of the attackers:

“When we analysed everything we found at Microsoft, we asked ourselves how many engineers could be working on these attacks? The answer we received was: well, obviously more than a thousand,” said Brad Smith.

Since the attack is attributed to a Russian-speaking hacking group that cybersecurity experts track under the names StellarParticle (CrowdStrike), UNC2452 (FireEye), and Dark Halo (Volexity), Smith also compared the SolarWinds hack to large-scale attacks on Ukraine, which are also attributed to Russia (although the Russian Federation authorities deny their involvement).

The head of FireEye, Kevin Mandia, also spoke to reporters and explained the recent events.

As it turned out, the compromise at FireEye was discovered almost by accident. To log into the company’s VPN remotely, employees need a two-factor authentication code, and their accounts are tied to phone numbers. The FireEye security service happened to notice that one of the employees had two phone numbers linked to his account.

“When this person was called and asked if he really had two numbers or devices, he replied that he had not done anything like that. It turned out that the second number was tied to the account by the attackers,” said Kevin Mandia.
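The signal that exposed the intrusion at FireEye, a second phone number on one account, can be checked routinely rather than noticed by accident. The sketch below is an added example, not FireEye's tooling or anything from the original article; the event format, field names and sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events from a hypothetical MFA enrollment audit log.
EVENTS = [
    {"ts": "2020-10-01T09:00:00Z", "user": "alice", "action": "enroll", "phone": "+1 (555) 010-0001"},
    {"ts": "2020-10-02T10:00:00Z", "user": "bob",   "action": "enroll", "phone": "+1 555 010 0002"},
    {"ts": "2020-11-05T08:30:00Z", "user": "bob",   "action": "remove", "phone": "+15550100002"},
    {"ts": "2020-11-05T08:31:00Z", "user": "bob",   "action": "enroll", "phone": "+15550100003"},
    {"ts": "2020-11-20T03:12:00Z", "user": "alice", "action": "enroll", "phone": "+15550100099"},
    {"ts": "2020-11-21T09:00:00Z", "user": "carol", "action": "enroll", "phone": "555-010-0004"},
    {"ts": "2020-11-22T09:00:00Z", "user": "carol", "action": "enroll", "phone": "(555) 010 0004"},
]


def normalize(phone):
    """Reduce a phone number to its digits so formatting variants compare equal."""
    return re.sub(r"\D", "", phone)


def active_phones(events):
    """Replay enroll/remove events in time order; return {user: {phone: enrolled_ts}}."""
    state = defaultdict(dict)
    for ev in sorted(events, key=lambda e: e["ts"]):
        phone = normalize(ev["phone"])
        if ev["action"] == "enroll":
            # Re-enrolling the same number keeps its first enrollment time.
            state[ev["user"]].setdefault(phone, ev["ts"])
        elif ev["action"] == "remove":
            state[ev["user"]].pop(phone, None)
    return state


def flag_extra_phones(events, allowed=1):
    """Return {user: [(phone, enrolled_ts), ...]} for accounts that currently hold
    more than `allowed` phone numbers, oldest enrollment first."""
    findings = {}
    for user, phones in active_phones(events).items():
        if len(phones) > allowed:
            findings[user] = sorted(phones.items(), key=lambda kv: kv[1])
    return findings


if __name__ == "__main__":
    for user, phones in flag_extra_phones(EVENTS).items():
        print(user, phones)
```

Each flagged account still needs the step Mandia describes: asking the account owner whether the most recently enrolled number is theirs.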

Let me remind you that Microsoft says SolarWinds hackers hunted for access to cloud resources.

By Vladimir Krasnogolovy
