Brussels (Brussels Morning) Representatives of technology companies testified at a congressional hearing in Washington yesterday that the widespread SolarWinds hack was most likely perpetrated by Russia, AFP reported.
According to Microsoft President Brad Smith, the attack on the Texas-based SolarWinds network software provider was performed with “almost breathtaking precision, ambition and scope”.
“We haven’t seen this kind of sophistication matched with this kind of scale”, Smith told the Senate Intelligence Committee, adding that his company’s investigators estimated that at least 1,000 highly skilled engineers would have been necessary to develop the code used in the attack.
“We’ve seen substantial evidence that points to the Russian foreign intelligence agency, and we have found no evidence that leads us anywhere else”, Smith observed. His claims come after the national security agencies already identified Russia as the most likely culprit.
The hackers managed to install a backdoor into a networking software created by SolarWinds, which is used by hundreds of private companies and agencies. The attackers first compromised SolarWinds itself, and then used the company’s regular security update sent to its customers to spread the manufactured vulnerability.
At least nine government agencies and more than 100 private companies had their security compromised, providing unwanted access to the hackers. None have revealed what information was taken.
While President Donald Trump largely ignored the foreign policy implications of such a serious cyber attack, his successor President Biden is currently weighing a proportionate response. This is likely to take the form of new sanctions and other measures against Russia. Moscow, meanwhile, continues to deny any involvement in the attack.