The hacking που διήρκεσε μήνες και επηρέασε τις κυβερνητικές services of the US and cyber security companies was "the largest and most sophisticated attack the world has ever seen," Microsoft's president said, and involved a very large number of developers.
The attack, unveiled by security company FireEye and Microsoft in December, may have affected up to 18.000 organizations using Sunburst (or Solorigate) malware through its network management software. SolarWinds Orion.
“I think from her point of view engineeringsoftware, it's probably fair to say that this is the biggest and most sophisticated attack the world has ever seen." said Smith on CBSNews 60 Minutes.
Microsoft, which was also breached for failing to notify Orion, commissioned 500 engineers to investigate the attack, Smith said, but the team (most likely Russian-backed) behind the attack had twice as many developers.
"When we analyzed everything we saw at Microsoft, we wondered how many developers worked on these attacks. "And the answer we had was definitely over 1.000," Smith said.
US agencies confirmed to have been affected by the attacks include the US Treasury Department, the Cyberbetter safetyand Infrastructure (CISA), the Department of Homeland Security (DHS), the US Department of State, and the US Department of Energy (DOE).
"While governments have been spying on each other for centuries, recent attackers have used a technique which put its supply chain at risk technologys for the broader economy," Smith said after the attacks were revealed.
He said it was an attack "on the confidence and credibility of the world's critical infrastructure to promote a nation's intelligence service".
Smith told CBSNews' 60 Minutes that the intruders initially wrote 4.032 lines of code in Orion, which consists of millions of lines of code.