The attack on SolarWinds is, from a software engineering point of view, the largest in history, according to Microsoft



Microsoft President Brad Smith said yesterday in an interview that the attack on government organizations and companies using SolarWinds' Orion software, which was released in December, is the largest and "most sophisticated" ever.


Specifically, the Microsoft president told the program "60 Minutes" on the American network CBS that "from the point of view of software engineering, it is probably fair to say that it is the largest and most sophisticated attack the world has ever seen".




Furthermore, according to the president, "One of the really puzzling aspects of this attack is its pervasive and indiscriminate nature. What this attacker did was identify network management software from a company called SolarWinds. They installed malware in a SolarWinds product update. When that update was made available to 18,000 organizations around the world, so was this malware."



18,000 companies and organizations are believed to have been affected







It must be remembered that the attackers gained access to the Orion product from enterprise software firm SolarWinds, and it was calculated that some 18,000 public and private organizations were reached through this program, among them governmental organizations such as NASA, the air forces or the Pentagon. Microsoft noted that companies and institutions in Europe have also been affected, especially in Spain, Belgium and the United Kingdom.












When present and activated, the malware allows the attacker to access the supply chain. In other words, the attackers compromise the security of a third party, in this case SolarWinds, and thereby manage to infiltrate the companies and public entities that use its services, such as Microsoft, NASA or Cisco (and almost all the companies that make up the Fortune 500 list).



Microsoft itself is among the organizations that were compromised by the hackers. In fact, as the firm itself published, someone was able to view its source code, although Microsoft spokesmen said that this did not affect its customers.



The "cyberwar between Russia and the United States", the biggest problem for Biden







According to Bill Whitaker, the CBS News reporter who interviewed Brad Smith, "President Biden inherited a lot of problems, but perhaps none is as disturbing as the cyberwar between the United States and Russia, which is developing over low heat." And, in the absence of official confirmation, various media, including Whitaker himself, consider that the hack came from Russia.



For his part, regarding the attackers, the president of Microsoft said that "when we have analyzed these attacks, we wonder how many experts could have been part of this action and we certainly believe that there are over 1,000". The Redmond company has assigned 500 of its professionals to analyze this attack.



"SolarWinds Orion" is one of the most ubiquitous software products out there, very little known, "but for thousands of IT departments around the world it is indispensable", said the president of Microsoft.



The hack wouldn't be known if it weren't for FireEye







Journalist Whitaker also spoke with Kevin Mandia, CEO of FireEye. "The world might still not know about the hack if it weren't for FireEye," explains CBS. Mandia added that "if we didn't make a living researching we wouldn't have found this. It takes a very special skill set to uncover such a sophisticated attack."



Last November, a FireEye employee raised the alert that something was wrong. According to the CEO of the company, "Everyone who works from home has two-factor authentication. A code appears on our phone. We have to type that code. And then we can log in. A FireEye employee was logging in, but the difference was that our security personnel looked at the login and we realized that that person had two registered phones in their name. So our security employee called that person and asked if they had registered a second device on their network," which the worker denied doing.



In this way, FireEye saw that intruders posing as its employees could spy on its network and steal FireEye's own tools for testing its clients' defenses.