What you need to know
- Microsoft President Brad Smith recently spoke on the SolarWinds hack on the program "60 Minutes."
- Smith says that it's "probably fair to say that this is the largest and most sophisticated attack the world has ever seen."
- Analysis from Microsoft suggests that over 1,000 engineers probably worked on the attacks.
The SolarWinds attack was identified in December of last year. The attack exploited vulnerabilities of the SolarWinds software, which resulted in targets having data compromised. Microsoft identified that over 40 of its customers were targeted by the SolarWinds attack.
A SolarWinds security advisory states that the attack "may have been conducted by an outside nation state." The U.S. government has said that the attack was likely orchestrated by Russia, though Russia has denied responsibility.
In addition to several companies being attacked, the SolarWinds attack also targeted and gained access to emails at the U.S. Treasury, Commerce departments, and other agencies.
Smith said of the attack during his interview with 60 Minutes, "I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen."
Smith also discussed how many engineers were likely involved:
When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.
This isn't the first time that Microsoft's president has discussed the SolarWinds attack. In a blog post from December 2020, Smith states, "This is not 'espionage as usual,' even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."
