Breach, Third-party risk

Microsoft found 1,000-plus developers’ fingerprints on SolarWinds attack

February 15, 2021
An analysis of the recent SolarWinds hack concluded that more than one thousand developers were likely involved in the code that enabled the attack, Microsoft president Brad Smith said in the news program “60 Minutes,” describing it as “the largest and most sophisticated attack the world has ever seen,” according to The Register. Smith drew comparisons between the incident and the cyberattacks in Ukraine that were alleged to have been instigated by the Russian government. “What we are seeing is the first use of this supply chain disruption tactic against the United States,” Smith said. In the same segment, FireEye CEO Kevin Mandia spoke about their involvement in the breach and how the discovery of a suspicious two-factor authentication event led to the attack’s eventual discovery. The segment also discussed how cyber defense groups failed to detect this particular attack on the basis that most place their focus on outside borders, while SolarWind’s attackers used U.S.-hosted servers.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad