The data breach carried out by Russia between March and December, which penetrated thousands of organizations, is "the largest and most sophisticated attack the world has ever seen," according to Microsoft Corp. president Brad Smith.
Microsoft was one of three large technology companies affected by the Russian hacking group Cozy Bear. The others were software companies SolarWinds Inc. and VMware, Inc.
"I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen," Smith said.
For nine months, Russian hackers had easy access to classified information, including from U.S. government departments.
Also affected were NATO, the UK government and the European Parliament. The breach gave Russian state-sponsored hackers access to thousands of companies and government offices worldwide that used products from the three companies.
Flaws in software from Microsoft, SolarWinds and VMware allowed Cozy Bear to access emails and other documents.
The breach compromised up to 18,000 SolarWinds customers using the company's Orion network monitoring software. SolarWinds said that of its 300,000 customers, 33,000 used Orion.
"When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000," Smith said.
The U.S. intelligence community last month pinpointed Russia as "likely" behind the breach. It said the attack appeared to be aimed at collecting intelligence.
In December Smith called it a cyberattack. He said the breach was "not 'espionage as usual,' even in the digital age" because it was "not just an attack on specific targets, but on the trust and reliability of the world's critical infrastructure."
U.S. Senator Dick Durbin, a Democrat from Illinois and the chairperson of the Senate Judiciary Committee, described the cyberattack as tantamount to a declaration of war.
In December, however, U.S. intelligence concluded the breach was an information gathering operation.
"This work indicates that an advanced persistent threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and nongovernmental networks," said the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Administration and the Office of the Director of National Intelligence in a joint statement.
"At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly."
"We have so far identified fewer than 10 U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted," said the statement.