{"id":39719,"date":"2021-02-24T14:30:55","date_gmt":"2021-02-24T14:30:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32052\/SolarWinds-Hack-Was-The-Work-Of-At-Least-1-000-Engineers-Tech-Execs-Tell-Senate.html"},"modified":"2021-02-24T14:30:55","modified_gmt":"2021-02-24T14:30:55","slug":"solarwinds-hack-was-the-work-of-at-least-1000-engineers-tech-execs-tell-senate","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-was-the-work-of-at-least-1000-engineers-tech-execs-tell-senate\/","title":{"rendered":"SolarWinds Hack Was The Work Of At Least 1,000 Engineers, Tech Execs Tell Senate"},"content":{"rendered":"

Tech executives revealed that a historic cybersecurity breach that affected about 100 US companies and nine federal agencies was larger and more sophisticated than previously known.<\/p>\n

The revelations came during a hearing of the US Senate\u2019s select committee on intelligence on Tuesday on last year\u2019s hack of SolarWinds, a Texas-based software company. Using SolarWinds and Microsoft<\/a> programs, hackers believed to be working for Russia were able to infiltrate the companies and government agencies. Servers run by Amazon were also used in the cyber-attack, but that company declined to send representatives to the hearing.<\/p>\n

Representatives from the impacted firms, including SolarWinds, Microsoft, and the cybersecurity firms FireEye Inc and CrowdStrike Holdings, told senators that the true scope of the intrusions is still unknown, because most victims are not legally required to disclose attacks unless they involve sensitive information about individuals. But they described an operation of stunning size.<\/p>\n

Brad Smith, the Microsoft president, said its researchers believed \u201cat least 1,000 very skilled, very capable engineers\u201d worked on the SolarWinds hack. \u201cThis is the largest and most sophisticated sort of operation that we have seen,\u201d Smith told senators.<\/p>\n

Smith said the hacking operation\u2019s success was due to its ability to penetrate systems through routine processes. SolarWinds functions as a network monitoring software, working deep in the infrastructure of information technology systems to identify and patch problems, and provides an essential service for companies around the world. <\/p>\n

\u201cThe world relies on the patching and updating of software for everything,\u201d Smith said. \u201cTo disrupt or tamper with that kind of software is to in effect tamper with the digital equivalent of our public health service. It puts the entire world at greater risk.\u201d<\/p>\n

\u201cIt\u2019s a little bit like a burglar who wants to break into a single apartment but manages to turn off the alarm system for every home and every building in the entire city,\u201d he added. \u201cEverybody\u2019s safety is put at risk. That is what we\u2019re grappling with here.\u201d<\/p>\n

Smith said many techniques used by the hackers have not come to light and that the attacker might have used up to a dozen different means of getting into victim networks during the past year.<\/p>\n