Microsoft: ‘More than 1,000 engineers’ executed SolarWinds attack

A group of hackers behind the Russian flag
(Image credit: Shutterstock)

The infamous SolarWinds supply chain attack that infected the networks of up to 18,000 government and private organisations was the most sophisticated ever recorded in history, Microsoft’s president Brad Smith has claimed.

In its in-depth analysis of the attack following its disclosure, Microsoft has identified that more than 1,000 engineers were involved in executing the attacks in full, according to Smith in conversation with CBS News.

The firm has assigned 500 engineers itself to investigate the attack, with one of these individuals comparing it to a Rembrandt painting with more details emerging the closer they looked at it, he added.

“SolarWinds Orion is one of the most ubiquitous software products you probably never heard of, but to thousands of IT departments worldwide, it's indispensable,” Smith told CBS News’ 60 Minutes.

"It's made up of millions of lines of computer code. 4,032 of them were clandestinely re-written and distributed to customers in a routine update, opening up a secret backdoor to the 18,000 infected networks.

“When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.”

A drip-feed of information has emerged since the attack was first made public towards the end of 2020, with details around the scale of the disruption and method of infiltration becoming clearer as several investigations progress.


Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation


Although SolarWinds confirmed on 14 December that it had fallen victim to the attack, we’ve since learned that hackers had infiltrated the company as far back as September 2019. There were also at least four separate strains of malware used in the attack, with a fourth discovered by Symantec towards the end of last month.

What ensued was a cyber-rampage in which hundreds of victims were compromised among the 18,000 suspected as having been infected by the malicious Orion platform update. Attackers even managed to view Microsoft source code as part of their activities.

The US government, meanwhile, has blamed Russia for orchestrating the attack.

“I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Brad Smith continued, adding that attacks are “almost certainly” continuing today.

SolarWinds recently revealed it’s in the process of boosting its cyber security capabilities following the devastating attack, expanding its staff count, techniques as well as internal processes. Security advisor Alex Stamos, who was also recruited by Zoom to quash its security woes last year, will be leading these efforts.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.