An anonymous reader shares a report: Of the 18,000 organizations that downloaded a backdoored version of software from SolarWinds, the tiniest of slivers — possibly as small as 0.2 percent — received a follow-on hack that used the backdoor to install a second-stage payload. The largest populations receiving stage two were, in order, tech companies, government agencies, and think tanks/NGOs. The vast majority — 80 percent — of these 40 chosen ones were located in the US. These figures were provided in an update from Microsoft President Brad Smith. Smith also shared some insightful and sobering commentary on the significance of this almost unprecedented attack. His numbers are incomplete, since Microsoft sees only what its Windows Defender app detects. Still, Microsoft sees a lot, so any difference with actual numbers is likely a rounding error. Smith said: It’s critical that we step back and assess the significance of these attacks in their full context. This is not “espionage as usual,” even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world. In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency. While the most recent attack appears to reflect a particular focus on the United States and many other democracies, it also provides a powerful reminder that people in virtually every country are at risk and need protection irrespective of the governments they live under. Read more of this story at Slashdot.