The months-long hacking, which affected U.S. government agencies and cyber security companies, was "the largest and most sophisticated attack the world has ever seen," said the Microsoft president, which involved a large number of developers.
The attack, disclosed by security firm FireEye and Microsoft in December, may have affected up to 18.000 organizations using the malicious software Sunburst (or Solorigate) through its network management software SolarWinds Orion.
"In terms of software engineering, I think it's fair to say that this is the biggest and most complex attack the world has ever seen." said Smith on CBSNews 60 Minutes.
Microsoft, which was also breached for failing to notify Orion, commissioned 500 engineers to investigate the attack, Smith said, but the team (most likely Russian-backed) behind the attack had twice as many developers.
"When we analyzed everything we saw at Microsoft, and asked ourselves how many developers worked for these attacks. And the response we had was, sure enough, over 1.000," said Smith.
US agencies confirmed to have been affected by the attacks include the US Treasury Department, the Cyberbetter safetyand Infrastructure (CISA), the Department of Homeland Security (DHS), the US Department of State, and the US Department of Energy (DOE).
"While governments have been spying on each other for centuries, recent attackers have used a technique that has jeopardized the technology supply chain for the wider economy," Smith said after the attacks were revealed.
He said it was an attack "on the confidence and credibility of the world's critical infrastructure to promote a nation's intelligence service".
Smith told CBSNews' 60 Minutes that the hackers wrote 4.032 lines from scratch code in Orion, which consists of millions of lines of code.