Microsoft President Brad Smith has called the ever-growing hacking campaign into a U.S. tech firm that was discovered this week “a moment of reckoning.”
“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” he wrote in a blog post Thursday.
Smith said 40 of Microsoft’s customers were also hit by the breach because they had the SolarWinds software targeted by suspected Russian hackers. At least 80% of customers were in the U.S., but the rest were in Canada, Mexico, Belgium, Spain, the U.K., Israel and the United Arab Emirates. He said he expects the number of victims to grow.
“In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency,” Smith wrote.
So far, least six federal agencies are known to have been hit by the suspected Russian hack into the IT company, Politico wrote Thursday. The scope of the breach is still being uncovered, with the Energy Department and National Nuclear Security Administration the latest reported victims of the cyberattack.
SolarWinds provided IT management services to at least 17,000 customers that included private firms as well as the U.S. government. The ongoing attack is believed to have started in March and went undetected for several months.
In his post, Smith stressed the broader implications of the breach: “The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them.”
The tech leader said the attack highlights how desperately the U.S. government and the private tech sector, as well as the global community, must join forces to respond to cyberattacks in an organized, coordinated fashion.