Security Market Segment LS
Tuesday, 16 February 2021 11:18

What role did Microsoft play in the SolarWinds supply chain attack?

What role did Microsoft play in the SolarWinds supply chain attack? Pixabay

ANALYSIS The assertion by Microsoft President Brad Smith during a 60 Minutes interview with CBS on Sunday that the supply chain attack revealed by security firm FireEye in December was "the largest and most sophisticated attack the world has ever seen" has once again raised the question of the extent to which Microsoft was involved in this attack.

Smith said: “I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen."

And he added: "When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1000.”

A number of researchers chimed in with their comments on this claim, with former Tor Project member Runa Sandvik tweeting: "Saying 1000 engineers worked on the attack is like saying 1000 journalists worked on today’s front page story. Details like org structure, roles and responsibilities matter."

Microsoft's statements about this incident have been, well, curious. When the first reports of its being affected by the SolarWinds breach surfaced, Smith was quick to deny any compromise, saying "We have no indication of this." But the company soon had to backtrack on that.

On 31 December, Microsoft announced that the attackers had accessed its source code, but brushed it away by saying: "At Microsoft, we have an inner source approach — the use of open source software development best practices and an open source-like culture — to making source code viewable within Microsoft." No mention was made of what source code had been accessed.

On 13 January, email security provider Mimecast issued a statement saying a certificate it used for its Microsoft 365 connection had been compromised.

The same day, attackers who claimed to be behind the attacks started offering stolen Windows source code for sale.

A day later, a small Israeli firm, Cycode, poked a big hole in Microsoft's argument, pointing out that the lack of timing and detail in Microsoft's announcement about its source code being accessed could only mean that this was bad news.

And this company's vice-president of marketing, Andrew Fife, had some sober words to offer, saying his firm was rooting for Microsoft. "Not only is it the right thing to do, but what other choice do any of us really have? The consequences of a widespread Microsoft supply chain attack could necessitate an Internet 'shelter in place order'. We hope this is the final chapter of Microsoft's breach, but we fear it may have been reconnaissance for the next bigger operation."

Since then, there has been silence about the attack, even though it is now more than two months since FireEye first told the world that its Red Team tools had been stolen. Five days after that announcement, details of SolarWinds involvement, through a compromise of the update chain for its Orion network management software, were revealed by FireEye.

It's surprising that there has been no definitive claim about who was behind the attacks as yet. The bog standard accusation of Russia being behind it all has been flung about by the usual scaremongers, but such people — like Ellen Nakashima of The Washington Post — are known for making flaky claims.

This has led to speculation that Microsoft's software is much more at the centre of the the hack, apart from being the host operating system for Orion.

It is well known that many US Government software packages, even in sensitive areas like Defence, still run on ancient versions of Windows like XP. Given that, and the overwhelming preponderance of Windows in businesses and also homes, and its less-than-stellar security record, Redmond's involvement in this supply chain attack could well end up being much bigger than we know at present.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News