Microsoft’s analysis of the contamination of SolarWinds update servers suggests that the malicious code used in the attack on this supply chain may have involved up to 1,000 developers. Microsoft President Brad Smith called the incident “the biggest and most sophisticated attack the world has ever seen”. As assessed by the experts, during the investigation it became clear that hackers rewrote a total of 4,032 lines of Orion code, which formed the basis of the cyber attack.
“It is probably fair to say that this is the biggest and most complex attack ever to take place in the world. This is the first use of supply chain disruption tactics against the United States, ”said Smith, according to CBS News.
According to Kevin Mandia, CEO of FireEye, the cyber attack was discovered when a two-factor authentication attempt at his company raised suspicions.
“A FireEye employee logged on to the system and our security team and found that a user had two registered phones. Experts called that person and asked if he actually registered the second device on the network. The employee replied that it was not him, ”said Mandia.
The discovery of this activity led to further investigations into the SolarWinds hack and the compromise of the Orion software.
See the original post at: https://www.cisoadvisor.com.br/mais-de-1-000-devs-podem-ter-trabalhado-no-ataque-a-solarwinds/?rand=59039
