Microsoft President Brad Smith (Photo: Microsoft)
More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.
In an interview with CBS News 60 Minutes, Smith said the supply chain attack was the largest and most sophisticated attack the world has ever seen.
The U.S. federal agencies investigating the attack, which targeted Microsoft and other technology and cybersecurity companies, say it was likely a cyberespionage campaign waged by Russian hackers (see:
Get Permission
Email security vendor Mimecast confirmed Tuesday that the hackers responsible for the SolarWinds supply chain hack also breached the security firm s network to compromise a digital certificate that encrypts data that moves between some of the firm s products and Microsoft s servers.
When London-based Mimecast first acknowledged the breach earlier this month, the company reported that fewer than 10 of its clients had been targeted by the hackers during the compromise.
The company is urging affected customers in the U.S. and U.K. to break and reestablish their connections to Microsoft products with newly issued keys, according to the update.
An timeline illustrating a Raindrop infection (Source: Symantec Threat Intelligence )
Symantec Threat Intelligence says it has uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed Raindrop that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.
Raindrop is the fourth malware variant identified as being used during the attack that targeted SolarWinds’ Orion network monitoring software. The others are Teardrop, Sunspot and Sunburst.
Symantec says Raindrop is similar to the already documented second-stage loader Teardrop, although they have several key differences. While Teardrop was delivered by the initial Sunburst backdoor, Raindrop appears to have been used for spreading across the victim s network, the Symantec report states.