16 February 2021

Microsoft believes 1,000+ developers were involved in SolarWinds hack


More than 1,000 engineers likely worked on rewriting code for the widespread SolarWinds supply-chain attack that hit multiple government entities and private companies last year, Microsoft President Brad Smith said in an interview with CBS News' "60 Minutes."

Speaking about the SolarWinds hack that affected Microsoft itself, Smith said that the supply chain attack was "the largest and most sophisticated attack the world has ever seen," adding that the campaign is most likely continuing.

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” Smith said.

Smith didn’t link the attack to a specific threat actor; he only pointed out that the offensive was comparable in effort to the attacks on the Ukraine power grid that were attributed to Russia-linked APT groups.

He also highlighted that the attackers rewrote just 4,032 out of millions of lines of code within the SolarWinds Orion software, creating a backdoor to thousands of infected networks. Smith said Microsoft assigned 500 engineers to look into the attack.

Despite mass-media coverage of the SolarWinds supply-chain attack and multiple warnings from government agencies, hundreds of organizations are still exposing their Orion installs to the internet.

The cybersecurity firm RiskRecon said that in December 2020 it observed 1,785 organizations exposing Orion to the internet; the number decreased to 1,330 by February 1, 2021. However, only 8% of these companies have applied the Orion update (2020.2.4) released by SolarWinds in response to the breach.
