Microsoft: 1000 hackers in SolarWinds attack
The months-long hacking, which affected U.S. government agencies and cyber security companies, was "the largest and most sophisticated attack the world has ever seen," said the Microsoft president, which involved a large number of developers.
The attack, unveiled by security company FireEye and Microsoft in December, may have affected up to 18.000 organizations using Sunburst (or Solorigate) malware through its network management software. SolarWinds Orion.
"In terms of software engineering, I think it's fair to say that this is the biggest and most complex attack the world has ever seen." said Smith on CBSNews 60 Minutes.
Microsoft, which was also breached for failing to notify Orion, commissioned 500 engineers to investigate the attack, Smith said, but the team (most likely Russian-backed) behind the attack had twice as many developers.
"When we analyzed everything we saw at Microsoft, we wondered how many developers worked on these attacks. "And the answer we had was definitely over 1.000," Smith said.
U.S. agencies confirmed to have been affected by the attacks include the US Treasury Department, the Office of Cyber Security and Infrastructure (CISA), the Department of Homeland Security (DHS), the State Department and the US Department of Energy (DOE). .
"While governments have been spying on each other for centuries, recent attackers have used a technique that has jeopardized the technology supply chain for the wider economy," Smith said after the attacks were revealed.
He said it was an attack "on the confidence and credibility of the world's critical infrastructure to promote a nation's intelligence service".
Smith told CBSNews' 60 Minutes that the intruders initially wrote 4.032 lines of code in Orion, which consists of millions of lines of code.