The SolarWinds hack that affected hundreds of public and private networks across the globe may have been the work of thousands of cyberattackers.
Microsoft president Brad Smith told US news program 60 Minutes that an internal analysis of the attack found that “certainly more than 1,000” software engineers had been involved.
It remains unclear who these threat actors are or who coordinated their efforts, but most experts believe the SolarWinds attack was sponsored by the Russian state. Smith added his backing to this claim by highlighting that the Russian Government previously employed a mass supply chain disruption tactic in Ukraine.
In the same 60 Minutes segment, it was also revealed exactly how FireEye discovered the SolarWinds hack. Company CEO Kevin Mandia said that a security employee noticed that an individual had two phones registered under their name. Further investigation revealed that the second device was not legitimate. It was also disclosed that 4,032 lines of code were involved in the attack.
More to come?
It seems likely that further information will continue to gradually come to light regarding the SolarWinds attack, which Smith called “the largest and most sophisticated attack the world has ever seen.” Technology vendors, including Malwarebytes, Microsoft, FireEye, and CrowdStrike, have all been affected, as have several US Government agencies.
Because the SolarWinds hack was able to remain undetected for months, it allowed attackers to infiltrate hundreds of corporate networks. SolarWinds’ compromised Orion software is believed to have more than 30,000 customers.
Russia’s own National Coordination Center for Computer Incidents has also advised domestic businesses to prepare for retaliatory attacks, particularly against critical services. Despite this, Russia continues to deny any involvement in the SolarWinds attack.
Via The Register