Saturday, April 20, 2024

Microsoft Says SolarWinds Supply Chain Attack is the Work of 1,000-plus Developers

By Guru baran

Microsoft Says SolarWinds Supply Chain Attack is the Work of 1,000-plus Developers

Brad Smith, Microsoft’s President, earlier this week stated that Microsoft had deep-dived into SolarWinds’ hack. The investigation into this malicious attack has revealed that more than 1,000 engineers have probably worked on this attack.

Brad Smith further goes on to state that the attack is “the largest and most sophisticated attack the world has ever seen.” We have covered the SolarWinds’ attack in great detail, and you can read about it here.

The identity of the 1000 odd attackers has not been revealed or by whom they have been employed. Smith believes that this is the first time the USA is witnessing the use of supply chain disruption tactic being used against it. It is believed that the Russian government developed this tactic in Ukraine.

FireEye CEO, Kevin Mandia, too has been featured in 60 Minutes, an American news magazine. FireEye too was victim of the SolarWinds hack. FireEye had spotted the attack when an attempt at two-factor authentication, commonly known as 2FA authentication, raised suspicion.

“A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name,” he said. “So our security employee called that person up and we asked, ‘Hey, did you actually register a second device on our network?’ And our employee said, ‘No. It wasn’t, it wasn’t me'” said Kevin Mandia.

This interaction had raised several red flags within the FireEye team and the teams began digging deeper into the issue. This investigation uncovered Orion’s compromise.

60 Minutes also revealed that 4,032 lines of code was at the center of this attack, an attack that has targeted more than 18,000 companies across the globe.

Brad Smith also believes that we have not yet seen the end of the attacks. If you guys are using the Orion software, it is highly advised to upgrade to the latest version.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

SolarWinds Hack – Multiple Similarities Found Between Sunburst Backdoor and Turla’s Backdoor

DOJ Says SolarWinds Hackers Accessed 3% of it’s Office 365 Mailboxes

New Malware Discovered in SolarWinds Attack that Used 7-Zip Code to Hide

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]