Approximately 100 US companies and nine government agencies were affected by the hack using Orion software of SolarWinds, which is blamed on "Russian hackers." The real scale of the cyberattack became known during a hearing of the US Senate.
According to Microsoft president Brad Smith, "at least a thousand very skilled, very capable programmers" worked on the SolarWinds hack. "This is the largest and most complex operation we've seen," noted Smith.
The head of Microsoft compared the SolarWinds software to a health care system. According to him, the hacking of this program by the attackers was similar to the robber turning off the alarm for all residents instead of just one apartment where he wanted to enter. "Everyone's safety was threatened. That's what we're up against," added Smith. He added that hackers could use up to a dozen different ways to break into the networks of their victims.
In addition, the President of Microsoft said during the hearing that the company has evidence of the involvement of Russian intelligence in a massive cyber attack on the systems of US departments of the federal government and commercial companies in December 2020.
"At this stage, we have solid evidence that points to Russian intelligence, and no indications that would lead to anyone else," stressed Smith.
At the same time, the head of Crowdstrike specializing in cybersecurity, George Kurtz, said that his company had no information about Moscow's involvement in the attack.
The head of the cyber security company FireEye, Kevin Mandia, said at the hearing that the hackers used tools similar to those used by Russia in the attack. "The tools used in the hacking are not similar to those used by China, North Korea or Iran," noted he.
Earlier, E Hacking News reported that more than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.