More than 1,000 engineers likely worked on rewriting code for the widespread SolarWinds supply-chain attack that hit multiple government entities and private companies last year, Microsoft President Brad Smith said in an interview with CBS News' "60 Minutes."
Speaking about the SolarWinds hack that affected Microsoft itself, Smith said that the supply chain attack was "the largest and most sophisticated attack the world has ever seen," adding that the campaign is most likely continuing.
“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” Smith said.
Smith didn’t link the attack to a specific threat actor, he only pointed out that the offensive was comparable in effort to the attacks on the Ukraine power grid that were attributed to Russia-linked APT groups.
He also highlighted that the attackers re-wrote just 4,032 out of millions lines of code within SolarWinds Orion software, creating a backdoor to thousands infected networks. Smith said Microsoft assigned 500 engineers to look into the attack.
Despite mass-media coverage of the SolarWinds supply-chain attack and multiple warnings from government agencies, hundreds of organizations are still exposing their Orion installs to the internet.
The cybersecurity firm RiskRecon said that in December,2020 it observed 1,785 organizations exposing Orion to the internet, the number decreased to 1,330 by February 1, 2021. However, only 8% of these companies have applied the Orion update (2020.2.4) released by SolarWinds in response to the breach.