WASHINGTON (Reuters) – A hacking campaign that used a US technology company as a springboard to compromise a number of US government agencies is “the largest and most sophisticated attack the world has ever seen,” said Microsoft’s chairman. Corp, Brad Smith.
The operation, which was identified in December and which the US government has said was likely orchestrated by Russia, violated software created by SolarWinds Corp, giving hackers access to thousands of companies and government offices using its products.
The hackers gained access to emails at the US Treasury, Justice and Commerce departments and other agencies.
Cybersecurity experts have said that it could take months to identify compromised systems and drive out hackers.
“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Smith said in an interview that aired Sunday on CBS’s “60 Minutes ”.
The breach could have compromised up to 18,000 SolarWinds customers using the company’s Orion network monitoring software and likely trusting hundreds of engineers.
“When we look at everything we saw at Microsoft, we wonder how many engineers have probably worked on these attacks. And the answer we came up with was, well, certainly over 1,000, ”Smith said.
US intelligence services said last month that Russia was “probably” behind the SolarWinds breach, which they said appeared to be aimed at gathering intelligence rather than destructive acts.
Russia has denied responsibility for the piracy campaign.
Reporting by Brad Heath; Editing by Heather Timmons and Peter Cooney