SolarWinds shaping up to be most advanced hack ever

ARS Technica reports the SolarWinds incident is shaping up to be one of the most advanced espionage hacks of the past decade if not ever. Nation-state backed hackers managed to infect Orion, a network management tool developed by SolarWinds. The tool is used by many of world's largest enterprises, government entities, NGOs, think tanks, and non-profits. About 18,000 servers ran the backdoored version of Orion but only a small fraction of high-value targets actually got hacked:

Of the 18,000 organizations that downloaded a backdoored version of software from SolarWinds, the tiniest of slivers—possibly as small as 0.2 percent—received a follow-on hack that used the backdoor to install a second-stage payload. The largest populations receiving stage two were, in order, tech companies, government agencies, and think tanks/NGOs. The vast majority—80 percent—of these 40 chosen ones were located in the US.

These figures were provided in an update from Microsoft President Brad Smith. Smith also shared some insightful and sobering commentary on the significance of this almost unprecedented attack. His numbers are incomplete, since Microsoft sees only what its Windows Defender app detects. Still, Microsoft sees a lot, so any difference with actual numbers is likely a rounding error.

The purpose of the hack is unknown. Two US senators who received private briefings claim Russia is behind this attack. Espionage isn't unusual but the scope, sophistication and impact of the SolarWinds attack is unique.