Brad Smith, president of Microsoft, has described the hack on SolarWinds software as the largest and most sophisticated attack ever. He believes that a very large group of attackers is behind it.
Smith said this in an interview with CBS News, SiliconANGLE reports. Microsoft has hired 500 people to investigate the attack, he says, but he believes the group behind the attack is much larger. “When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.” Smith adds that the compromised version of SolarWinds Orion is likely to have been installed at more than 18,000 companies worldwide.
FireEye was the first to discover the hack
FireEye CEO Kevin Mandia was also interviewed by CBS News. FireEye was the first company to notice the malicious code in Orion. At the time, the security company had no idea how big the hack was. “I can tell you this, if we didn’t do investigations for a living, we wouldn’t have found this,” Mandia says. “It takes a very special skill set to reverse-engineer a whole platform that’s written by bad guys to never be found.”
In early December, FireEye announced that the company had fallen victim to a hack. The company said that the attack was of an exceptionally high level and that the hackers were probably looking for state secrets. A few days later, however, it turned out that the attack had hit not only FireEye but thousands of companies. Government agencies were also affected.
After extensive investigation, it turned out that the attack had been going on for many months and many large companies had been hit. Names that came up were Microsoft, Cisco, Intel, Nvidia, VMware, Deloitte, Malwarebytes and various American government agencies. The NSA and FBI strongly believe that Russian hackers are behind the attacks.
Backdoor in IT management software
The hackers carried out the attack by first breaking into the systems of IT company SolarWinds. There, the attackers managed to add their own code to the Orion software that SolarWinds develops. This software is widely used for IT management and is therefore installed on many company networks with extensive privileges. The malicious code opened a backdoor that the attackers could use to investigate compromised computers and networks further. This further investigation had to be done manually, so far from all companies where Orion was installed actually had data stolen. After the hack was discovered, SolarWinds quickly released an update that removes the malicious code from the software.