WASHINGTON (Reuters) – A hacking campaign that a US technology company used as a springboard to endanger a range of US government agencies is “the largest and most sophisticated attack the world has ever seen,” said Microsoft Corp president Brad Smith.
The operation, which was identified in December and which the US government said was likely orchestrated by Russia, breached SolarWinds Corp software, giving hackers access to thousands of companies and government offices using their products.
The hackers got access to emails from the US Treasury, Justice and Commerce and other agencies.
Cybersecurity experts have said it can take months to identify the compromised systems and drive out the hackers.
“I think it is probably reasonable from a software engineering perspective to say that this is the largest and most sophisticated attack the world has ever seen,” Smith said during an interview aired Sunday on the CBS program “60 Minutes”. .
The breach could have compromised up to 18,000 SolarWinds customers who used the company’s Orion network monitoring software and likely depended on hundreds of engineers.
“When we analyzed everything we saw at Microsoft, we wondered how many engineers were likely to have worked on these attacks. And the answer we got was, well, well, well over 1,000, ”Smith said.
US intelligence agencies said last month that Russia was “likely” behind the SolarWinds breach, which they said focused on intelligence gathering rather than destructive acts.
Russia has denied responsibility for the hacking campaign.
Reporting by Brad Heath; Editing by Heather Timmons and Peter Cooney