- Experts believe Russia was responsible for the SolarWinds hack that impacted thousands of organizations, including the NSA and the US Department of Energy.
- Microsoft President Brad Smith said Microsoft tasked 500 engineers with investigating the hack. The engineers concluded that upwards of 1,000 developers were involved in putting the exploit together.
In 2020, a group believed to be associated with Russian intelligence services launched a massive cyberattack targeting thousands of organizations, including several U.S. government agencies and dozens of Fortune 500 companies.
The hack exploited a vulnerability in SolarWinds’ popular network monitoring software, which is used by hundreds of thousands of entities and even by high-profile agencies like the NSA, the Department of Homeland Security, and the US Department of Energy. The malware disguised itself as a legitimate update from SolarWinds and, in turn, allowed hackers to snoop on network traffic while flying completely under the radar.
Speaking to the scope of the attack, the cybersecurity firm FireEye writes that the “victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East.”
The breadth of the attack is massive and the impact hard to overstate. In fact, we likely won’t know the full extent of what information was stolen for a few more months.
While Russia has denied responsibility for the attack, the sophistication of the malware clearly points to a state-sponsored effort. According to an investigation conducted by more than 500 Microsoft engineers, the software was likely assembled by more than 1,000 developers.
“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks,” Microsoft president Brad Smith said during an interview with 60 Minutes this past weekend. “And the answer we came to was, well, certainly more than 1,000.”
“I think from a software engineering perspective,” Smith went on to say, “it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.”
As a point of reference, experts believe that the incredibly sophisticated Stuxnet malware that targeted Iran’s nuclear-fuel enrichment program was the work of perhaps 30 programmers.
Incidentally, FireEye itself was impacted by the attack, with the company noting that hackers likely accessed its suite of internal tools designed to mimic the “exploitation capabilities” of adversaries. Notably, no zero-day exploits were involved.
The stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit. Many of the Red Team tools have already been released to the community and are already distributed in our open-source virtual machine, CommandoVM.
Some of the tools are publicly available tools modified to evade basic security detection. Other tools and frameworks were developed in-house for our Red Team.
The Biden administration this week said that a full investigation into the SolarWinds hack will likely take a few months.
“Due to the sophistication of the techniques that were used, we believe we’re in the beginning stages of understanding the scope and scale, and we may find additional compromises,” deputy national security advisor Anne Neuberger said on Wednesday.