SolarWinds Attack Discovered: Microsoft's Analysis Found Around 1,000 Developers' Fingerprints

Among the biggest cybercrimes that have happened in recent months is perhaps the SolarWinds breach, which has affected thousands of the IT firm's clients, including several United States government agencies and private companies like Microsoft.

Now, Microsoft president Brad Smith shared a shocking result of the company's analysis of the breach.

Microsoft president Brad Smith shared results of their SolarWinds analysis. Stephen Brashear / Stringer

Microsoft's Analysis of the SolarWinds Attack

According to a report by The Register, Smith spoke to the US news magazine program "60 Minutes," where he described the SolarWinds attack as "the largest and most sophisticated attack the world has ever seen."

When the company analyzed the breach, it found evidence that the code behind the hack had been written by more than a thousand developers.

"When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000," Smith said in the interview.

Nevertheless, the Microsoft executive did not specify who those developers were working for.

"What we are seeing is the first use of this supply chain disruption tactic against the United States," Smith further added.

However, he did compare the SolarWinds hacking to attacks on Ukraine, which have been widely attributed to the Russian government, saying that they have "really developed this tactic" in Ukraine, though Russia denies any involvement in the attacks.

FireEye CEO Shared a Suspicious 2FA Login

Besides the Microsoft executive, the news program also talked to FireEye CEO Kevin Mandia.

FireEye is another of the SolarWinds attack's victims, and Mandia shared how the company was able to detect the anomaly, which had gone undetected for a long while before SolarWinds knew it was under attack.

According to Mandia, the firm spotted the attack due to suspicions raised by two-factor authentication.

In the interview, the FireEye chief said that an employee of the firm was logging in when a member of the security staff checked the login and noticed that the employee had two phones registered to their name.

To verify, the security staff contacted the employee in question and asked whether they had set up a second device on the network. The employee said they had not, so FireEye immediately conducted a further probe, which eventually led to SolarWinds and finally to the company's disclosure of the Orion compromise.
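The check Mandia describes, an unexpected second MFA device on an account followed by an out-of-band "did you add this?" confirmation, is something a defender can automate over identity-provider logs. The following is an added example and not FireEye's or Microsoft's code: the log format, user names and device ids are constructed, and `find_suspicious_logins` and `triage` are hypothetical helper names. It flags any login that uses an MFA device enrolled within the last seven days on an account that already had another device (or a device that was never enrolled at all), and then models the confirmation step that decides whether the alert is closed or escalated.

```python
"""Flag logins that use a newly registered second MFA device.

Added example, not FireEye's or Microsoft's code. The log format below is
constructed for illustration; real IdP logs (Okta, Azure AD, Duo, ...) differ.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    kind: str        # "mfa_enroll" or "login"
    device_id: str


# Constructed sample log (not real data). One event per line:
# <ISO timestamp> <user> <event kind> <MFA device id>
SAMPLE_LOG = """\
2020-11-01T08:00:00 alice mfa_enroll phone-a1
2020-11-01T08:05:00 alice login phone-a1
2020-11-02T09:00:00 bob mfa_enroll phone-b1
2020-11-02T09:10:00 bob login phone-b1
2020-11-20T03:12:00 alice mfa_enroll phone-a2
2020-11-20T03:15:00 alice login phone-a2
2020-11-21T10:00:00 bob login phone-b1
2020-11-22T11:00:00 carol login phone-c9
"""


def parse_log(text: str) -> list[Event]:
    """Parse the constructed whitespace-separated log into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, kind, device = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, kind, device))
    return events


def find_suspicious_logins(events: list[Event], window: timedelta = timedelta(days=7)):
    """Return (user, device, ts, reason) for logins worth a human check.

    A login is flagged when the MFA device used was enrolled within `window`
    and the account already had another enrolled device, or when the device
    was never enrolled at all. Events are processed in time order so the
    enrollment state reflects only what was known at the moment of login.
    """
    enrolled: dict[str, dict[str, datetime]] = {}   # user -> {device: enroll time}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mfa_enroll":
            enrolled.setdefault(ev.user, {})[ev.device_id] = ev.ts
            continue
        if ev.kind != "login":
            continue
        devices = enrolled.get(ev.user, {})
        enroll_ts = devices.get(ev.device_id)
        if enroll_ts is None:
            alerts.append((ev.user, ev.device_id, ev.ts,
                           "login with a device that was never enrolled"))
        elif len(devices) > 1 and ev.ts - enroll_ts <= window:
            alerts.append((ev.user, ev.device_id, ev.ts,
                           "login with a recently added second device"))
    return alerts


def triage(alerts, user_confirmed: dict[str, bool]) -> dict[str, str]:
    """Model the out-of-band confirmation: `user_confirmed` maps a user to
    whether they said they added the device. Only an explicit "yes" closes
    the alert; "no" and "no answer" both escalate."""
    decisions = {}
    for user, device, _ts, _reason in alerts:
        key = f"{user}:{device}"
        if user_confirmed.get(user) is True:
            decisions[key] = "close: user confirmed they added the device"
        else:
            decisions[key] = "escalate: open incident, pull the account's full login history"
    return decisions


if __name__ == "__main__":
    found = find_suspicious_logins(parse_log(SAMPLE_LOG))
    for alert in found:
        print(alert)
    # Constructed responses: alice says she did not add phone-a2; carol did not answer.
    for key, decision in triage(found, {"alice": False}).items():
        print(key, "->", decision)
```

Two design points matter here. The enrollment window is the signal, not the device count: a user who legitimately carries two phones for years should not page the on-call every morning, but a second device added minutes before a login should. And the confirmation step treats silence the same as a denial, so an alert is never closed just because nobody replied.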

The Eventual Discovery of SolarWinds Malware

According to Smith, if it were not for Mandia and FireEye, the attack might have continued and remained undetected for a long time.

But Mandia said that finding the impostor within their network was not easy, and he had to bring in a large number of people to "turn every rock over" and look for suspicious activity on every machine the company had before they were able to find the malware within SolarWinds.

Moreover, "60 Minutes" also shared some insight, saying that 4,032 lines of code were at the very core of the attack.

The SolarWinds attack was first made public on Dec. 13, 2020, after FireEye informed the world of the attack, but unfortunately the breach had been going on for a while and the damage had already been done.

This article is owned by Tech Times

Written by: Nhx Tingson

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.