Microsoft: SolarWinds Hack Was ‘Largest and Most Sophisticated Attack’ Ever

Hackers diverted more than $50 million in digital currency from an experimental project called the Decentralized Autonomous Organization (DAO), which had collected the money in Ether, similar to Bitcoin

Microsoft President Brad Smith said on Sunday that a recent hack of the Texas-based IT firm SolarWinds was “the largest and most sophisticated attack the world has ever seen.”

“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” said Smith during an interview on CBS’ 60 Minutes.

SolarWinds was penetrated by hackers last year, resulting in a massive hack of U.S. government and corporate sites.

According to the U.S. government, the hack — which is suspected to have been orchestrated by Russia — breached SolarWinds’ software, giving hackers access to thousands of companies, including several U.S. government agencies.

The hackers obtained access to emails at the U.S. Treasury, Justice, and Commerce departments, as well as other agencies. It is believed that the hackers’ goal was to seek intelligence, rather than conduct any type of immediate destruction, according to a report by Reuters.

The breach could have compromised up to 18,000 SolarWinds customers that used the company’s Orion network monitoring software, and likely took the work of hundreds — maybe even more than a thousand — engineers.

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks, and the answer we came to was, well, certainly more than 1,000,” said Smith.

It could reportedly take months to identify the compromised systems and expel the hackers.

Cybersecurity firm Trustwave has recently discovered “critical” flaws in other software produced by SolarWinds.

You can follow Alana Mastrangelo on Facebook and Twitter at @ARmastrangelo, and on Instagram.


Please let us know if you're having issues with commenting.