SolarWinds hack was work of more than 1,000 engineers: Microsoft

WION Web Team
Washington, United StatesUpdated: Feb 24, 2021, 02:15 PM IST
main img


Story highlights

Microsoft said that other than Russian intelligence, no other organisation in the world has the ability to carry out such a sophisticated hack.

The infamous SolarWinds hack that has been blamed on Russia may have used the help of a massive, disciplined and highly skilled workforce of more than 1,000 software engineers, Microsoft President Brad Smith revealed.

In a hearing of the Senate Intelligence Committee, Smith said that other than Russian intelligence, no other organisation in the world has the ability to carry out such a sophisticated hack.

Describing it as "reckless", Smith said this SolarWinds hack acted as a great threat to the world.

Microsoft was one of the 100 companies that were targetted in this attack, which left 18,000 vulnerable. The tech giant analysed the effort and the kind of work it took to insert the malware into the widely used security software created by SolarWinds.

"We asked ourselves how many engineers do we believe had worked on this collective effort. And the answer we came to was... at least 1,000, very skilled, capable engineers," Smith said. "We haven't seen this kind of sophistication matched with this kind of scale."

Using the metaphor of a burglar breaking into a single apartment, Smith compared a previous Russian hack to this one. The SolarWinds hack was different as this was like a burglar who "manages to turn off the alarm system for every home and every building in the entire city."

"Everybody's safety is put at risk. And that is what we're grappling with here," he added.

The hack was discovered by a private security firm, FireEye, in December, after it had already affected several computers around the world. US government agencies such as the National Security Agency, the State Department, Commerce Department and the Treasury were also affected by the hack.

This statement by the Microsoft President has come after a US media house reported that the Biden administration was analysing its options to punish Russia for the cyberattack. 

"This isn't the only case of malicious cyber activity of likely Russian origin, either for us or for our allies and partners," said Anne Neuberger, the senior White House cybersecurity advisor.

Even the FireEye chief executive Kevin Mandia had stressed the gravity of this hack in the Senate hearing claiming that it took thousands of hours for his staff to discover the bug. 

"This was not the first place you look, this was the last place you look for an insertion," he said.