Technology Executives Say All Evidence Points To Russia In Major Hack Of
February 24, 2021
Executives of U.S. technology companies told lawmakers on February 23 that a
recent breach of corporate and government networks was so sophisticated that a
nation had to be behind it and said all the evidence points to Russia.
The hearing was the first to examine the hack, which was discovered by private
security company FireEye in December. It was later revealed that hackers slipped
malicious code into updates of network-management software made by the U.S.
company SolarWinds, which was then downloaded by several branches of the U.S.
government and several U.S. and European corporations.
U.S. intelligence officials and industry sources had previously blamed the
intrusion on Russian hackers. Moscow has denied any involvement.
But the technology executives said that the evidence points to Russia as they
described the precision, ambition, and scope of the attack.
"We asked ourselves how many engineers do we believe had worked on this
collective effort. And the answer we came to was...at least 1,000, very skilled,
capable engineers,” Microsoft President Brad Smith told the Senate Intelligence
“We’ve seen substantial evidence that points to the Russian foreign intelligence
agency and we have found no evidence that leads us anywhere else," Smith said.
Smith told the committee that the true scope of the intrusions is still unknown
because most victims are not legally required to disclose attacks unless they
involve sensitive information about individuals.
President Joe Biden's administration is weighing punitive measures against
Russia, and White House press secretary Jen Psaki said it would be “weeks not
months” before the U.S. responds.
“We have asked the intelligence community to do further work to sharpen the
attribution that the previous administration made about precisely how the hack
occurred, what the extent of the damage is, and what the scope and scale of the
intrusion is,” Psaki said. “And we’re still in the process of working that
At least nine government agencies and 100 private companies were breached, but
what was taken has not been revealed. U.S. government agencies affected include
the Treasury, Justice, and Commerce departments, but the full list has not been
Smith said there are victims around the world, including in Canada, Mexico,
Spain, and the United Arab Emirates.
Microsoft revealed in December that the hackers were able to gain access into
its closely guarded source code but said they did not have permission to modify
any code or engineering systems.
CEO Kevin Mandia told the Senate committee that his company has nearly 100
people working to study and contain the breach.
He said the hackers first installed malicious code in October 2019 but didn't
activate it immediately in order to see if they could remain undetected. They
then returned in March and began to steal the log-in credentials of people who
were authorized to be on the networks so they could have a “secret key” to move
around at will, Mandia said.
The Senate committee also heard from Sudhakar Ramakrishna, the CEO of SolarWinds,
who took over the company after the hack occurred, and George Kurtz, the
president and CEO of CrowdStrike, another leading security company.
Ramakrishna said his company still has not found how the hackers managed to slip
malware in the middle of the software supply chain at the point where completed
code is tailored to users' configurations.