Microsoft Prez says SolarWinds hack used help of over 1,000 'highly skilled' engineers

The SolarWinds hack that has been blamed on Russia may have used the help of a disciplined and highly skilled workforce of more than 1,000 software engineers, Microsoft President Brad Smith revealed on February 23. According to the Wall Street Journal, tech executives who responded to the hack of federal government computer systems told US Senate Intelligence Committee that the attack was likely wider, more complex and harder to trace than had previously been known. The SolarWinds hack was discovered in December and the Intelligence Committee Chairman, Senator Mark Warner, said that the hack drew attention to longstanding cybersecurity issues that require a federal response. 

During the first Senate hearing, the tech executives revealed that the cybersecurity breach, which affected nearly 100 US companies and nine federal agencies, was larger and more sophisticated than previously known. The representatives from the impacted firms, including SolarWinds, Microsoft and the cybersecurity firms FireEye Inc and CrowdStrike Holdings, told the Senators on Tuesday that the true scope of the intrusions is still unknown because most victims are not legally required to disclose attacks unless they involve sensitive information about individuals.

READ: Tech Firms Say There's Little Doubt Russia Behind Major Hack

Microsoft President said that its researchers believed that at least 1,000 very skilled, very capable engineers worked on the hack. Smith added that this is the “largest and most sophisticated” sort of operation that he has seen. Further, Smith said that the hacking operation’s success was due to its ability to penetrate systems through routine processes. 

Senator Warner, on the other hand, said that preliminary indications suggest that the scope and scale of this incident are beyond any that the country has confronted, and its implications are significant. Warner said that the footholds these hackers gained into private networks, including some of the world’s largest IT vendors, may provide opportunities for future intrusions for years to come. The Democratic Senator also called on Congress to consider legislative and policy proposals, such as the creation of a federal entity akin to the National Transportation Safety Board to quickly examine major breaches for systemic problems, a mandatory reporting system paired with liability protection and enforceable international cyberspace norms akin to prohibitions against bombing ambulances in wartime. 

READ: Kroger: Some Pharmacy Customer Data Impacted In Vendor Hack

‘Worst intelligence failure’ 

Moreover, senators in both parties expressed a desire to encourage or require the private sector to share more cyberthreat information with the government. The US officials described the breach as one of the “worst intelligence failures on record”. They noted that the hackers surreptitiously hijacked a software update of a SolarWinds tool widely used throughout the government and private sector. 

SolarWinds is a network-monitoring firm that provides thousands of companies with its services. However, after the attack was reported by FireEye, it was found that the SolarWinds Orion platform was also part of this massive attack. As per a report by the New York Times, the Treasury and Commerce Departments were the first agencies reported to be breached by the highly sophisticated attackers. Other agencies that faced the aftermath of the attack were the Center for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and several utility companies.

READ: North Korea Tried To Obtain COVID Vaccine Info By Hacking Into Pfizer: Report

READ: Hack Exposes Vulnerability Of Cash-strapped US Water Plants