WASHINGTON (Reuters) – A hacking campaign that has used a US technology company as a springboard to compromise a number of US government agencies is “the largest and most sophisticated attack the world has ever seen,” the president said. Microsoft Corp., Brad Smith.
The operation, which was identified in December and which the US government said was likely orchestrated by Russia, violated software developed by SolarWinds Corp., giving hackers access to thousands of companies and government offices that used its products.
The hackers had access to e-mails from the US Treasury, Justice and Commerce departments and other agencies.
Cybersecurity experts say it could take months to identify compromised systems and expel hackers.
“I think from a software engineering perspective, it’s fair to say that this is the biggest and most sophisticated attack the world has ever seen,” Smith said in an interview with CBS’s “60 Minutes” on Sunday.
The breach could have compromised up to 18,000 SolarWinds customers who used the company’s Orion network monitoring software and probably relied on hundreds of engineers.
“When we looked at everything we saw at Microsoft, we wondered how many engineers probably worked on these attacks. And the answer I came up with was, well, definitely more than 1,000, ”Smith said.
US intelligence said last month that Russia was “likely” behind the SolarWinds violation, which it said was aimed at gathering information rather than destructive acts.
Russia has denied responsibility for the hacking campaign.
Reporting by Brad Heath; Editing by Heather Timmons and Peter Cooney