WASHINGTON (Reuters) – A hacking campaign that used a U.S. technology company as a springboard to compromise a number of U.S. government agencies is “the biggest and most sophisticated attack the world has ever seen,” said the president of Microsoft Corp, Brad Smith.
The operation, which was identified in December and which the United States government said was probably orchestrated by Russia, violated software made by SolarWinds Corp, giving hackers access to thousands of companies and government offices that used its products.
Hackers had access to emails in the departments of the US Treasury, Justice and Commerce and other agencies.
Cybersecurity experts say it can take months to identify compromised systems and drive out hackers.
“I think from a software engineering perspective, it’s probably fair to say that this is the biggest and most sophisticated attack the world has ever seen,” said Smith during an interview that aired on Sunday on CBS’s “60 Minutes” program.
The breach may have compromised up to 18,000 SolarWinds customers who used the company’s Orion network monitoring software and likely had hundreds of engineers.
“When we looked at everything we saw at Microsoft, we wondered how many engineers were likely to have worked on these attacks. And the answer we came up with was, well, certainly more than 1,000, ”said Smith.
US intelligence services said last month that “probably” Russia was behind the SolarWinds breach, which they said appeared to be aimed at collecting information rather than destructive acts.
Russia has denied responsibility for the hacking campaign.
Brad Heath reporting; Editing by Heather Timmons and Peter Cooney