Microsoft Says SolarWinds Supply Chain Attack is the Work of 1,000-plus Developers

Brad Smith, Microsoft’s President, earlier this week stated that Microsoft had deep-dived into SolarWinds’ hack. The investigation into this malicious attack has revealed that more than 1,000 engineers have probably worked on this attack.

Brad Smith further goes on to state that the attack is “the largest and most sophisticated attack the world has ever seen.” We have covered the SolarWinds’ attack in great detail, and you can read about it here.

The identity of the 1000 odd attackers has not been revealed or by whom they have been employed. Smith believes that this is the first time the USA is witnessing the use of supply chain disruption tactic being used against it. It is believed that the Russian government developed this tactic in Ukraine.

FireEye CEO, Kevin Mandia, too has been featured in 60 Minutes, an American news magazine. FireEye too was victim of the SolarWinds hack. FireEye had spotted the attack when an attempt at two-factor authentication, commonly known as 2FA authentication, raised suspicion.

“A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name,” he said. “So our security employee called that person up and we asked, ‘Hey, did you actually register a second device on our network?’ And our employee said, ‘No. It wasn’t, it wasn’t me'” said Kevin Mandia.

This interaction had raised several red flags within the FireEye team and the teams began digging deeper into the issue. This investigation uncovered Orion’s compromise.

60 Minutes also revealed that 4,032 lines of code was at the center of this attack, an attack that has targeted more than 18,000 companies across the globe.

Brad Smith also believes that we have not yet seen the end of the attacks. If you guys are using the Orion software, it is highly advised to upgrade to the latest version.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

SolarWinds Hack – Multiple Similarities Found Between Sunburst Backdoor and Turla’s Backdoor

DOJ Says SolarWinds Hackers Accessed 3% of it’s Office 365 Mailboxes

New Malware Discovered in SolarWinds Attack that Used 7-Zip Code to Hide

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago