UPDATED 20:57 EST / FEBRUARY 15 2021

SECURITY

Microsoft’s Brad Smith labels SolarWinds hack ‘largest, most sophisticated attack ever’

Microsoft Corp. President Brad Smith has labeled the now-infamous hack of SolarWinds Worldwide LLC’s Orion software as the “largest and most sophisticated attack ever” as further details of the attack emerge.

Smith (pictured) made the comments in an interview on CBS News’ “60 Minutes” Sunday night, while also disclosing that Microsoft had assigned 500 engineers to investigate the attack. That number is half of what those behind the attack may have deployed, he added.

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks,” Smith said. “And the answer we came to was, well, certainly more than 1,000.”

Smith also discussed the scope of the attack, suggesting that the malicious software, which was buried in updates to SolarWinds Orion, went out to 18,000 organizations around the world.

“60 Minutes” also interviewed FireEye Inc. Chief Executive Officer Kevin Mandia. FireEye was the first to detect the attack, when it was itself targeted Dec. 8. At the time FireEye revealed that it had been hacked, little was known about just how big the hack would become.

“I can tell you this, if we didn’t do investigations for a living, we wouldn’t have found this,” Mandia said. “It takes a very special skill set to reverse-engineer a whole platform that’s written by bad guys to never be found.” FireEye subsequently discovered Dec. 13 that the compromise had occurred because of malware in SolarWinds Orion. SolarWinds confirmed Dec. 14 that its software was at the center of the attack.

The full list of victims of the attack, all 18,000 of them, may never be known, but prominent victims include the U.S. Commerce and Treasury departments, Homeland Security, the State Department and the National Institutes of Health. The U.S. Energy Department and National Nuclear Security Administration were also compromised.

The “60 Minutes” report, like many media reports, focuses on the claim that the SolarWinds compromise was led by Russians but ignores evidence that Chinese hackers were also involved. In reality, both Russian and Chinese hacking groups are believed to have been involved.

Microsoft first published details in December that a second hacking group was also targeting SolarWinds’ software, while a report Feb. 2 squarely pointed the finger at Chinese hackers.

Photo: Web Summit/Flickr
