Microsoft: SolarWinds Hack ‘Largest and Most Sophisticated Attack’ in History

Took at least 1,000 engineers to create
February 16, 2021 Updated: February 16, 2021

The hack of SolarWinds technology, which caused a breach of U.S. government systems late last year, is “the largest and most sophisticated attack the world has ever seen,” according to Microsoft Corp President Brad Smith.

The campaign, which was identified in December and, according to federal government agencies, instigated by Russia for “intelligence gathering,” compromised SolarWinds technology that is used by all five branches of the U.S. military and numerous government agencies.

The breach was achieved by inserting malware, or malicious code, into software updates for the SolarWinds Orion platform, a widely used network management tool. Hackers gained access to emails at the U.S. Treasury, Justice and Commerce departments, and other agencies.

Up to 18,000 customers of Texas-based SolarWinds were using the compromised Orion software, according to a company filing to the Securities and Exchange Commission. The company boasted of serving some 300,000 customers around the world in a partial customer listing it has since taken down.

Microsoft confirmed on Dec. 31 last year that the hackers behind the cyberattack had also breached its systems and were able to access internal Microsoft systems and view source code used to create software products.

“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Smith told CBS’s “60 Minutes” program during an interview that aired on Sunday.

Smith said that he believes the hacking campaign took at least 1,000 engineers to create.

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” Smith said.

Former senior cybersecurity official Christopher Krebs, who prior to his dismissal by then-President Donald Trump served as director of the Cybersecurity and Infrastructure Security Agency (CISA), described the hacking campaign this week as “an attack on the very trust that enables the current digital ecosystem.”

“When you think about how businesses, how government agencies are building their networks, they’re shifting to cloud computing, and those relationships are rooted in trust,” Krebs told “CBS This Morning.”

Krebs, now a partner at Krebs Stamos Group—hired by SolarWinds to help the company recover—accused the Russian intelligence services of compromising that trust, describing the campaign as an “exquisite operation focused on gathering intelligence from government agencies and businesses.”

“To me, that’s what’s so reckless and damaging about this specific campaign—the brazen attack on trust. We have to rebuild and regain that trust throughout our networks in the United States and elsewhere.”

Responding to questions on why CISA missed the attack, Krebs said that the network protection program “Einstein,” a key component of the National Cybersecurity Protection System, wasn’t configured to detect unknown threats.

“Einstein is really a fundamental security program for the federal government that is designed to detect known threats. This was not a known threat—this was a novel technique and path never seen before. Einstein wasn’t configured for that. There are a separate set of technologies that are in the process of deployment right now by the federal government that will put us in the position to detect these sorts of attacks going forward.”

Krebs said he understands that the Biden administration and the White House National Security Council are contemplating a wide-ranging executive order that will accelerate those security programs.

“Congress does need to ramp up investment and security efforts,” he added.

The Kremlin has denied any involvement.

Reuters contributed to this report.