WASHINGTON – Leading technology companies said Tuesday that a monthslong breach of corporate and government networks was so sophisticated, focused and labor-intensive that a nation had to be behind it, with all the evidence pointing to Russia.
In the first congressional hearing on the breach, representatives of technology companies involved in the response described a hack of almost breathtaking precision, ambition and scope. The perpetrators stealthily scooped up specific emails and documents on a target list from the U.S. and other countries.
“We haven’t seen this kind of sophistication matched with this kind of scale,” Microsoft President Brad Smith told the Senate Intelligence Committee.
Smith said investigators estimate at least 1,000 highly skilled engineers would have been required to develop the code that hijacked widely used network software from Texas-based SolarWinds to deploy malware around the world through a security update.
“We’ve seen substantial evidence that points to the Russian foreign intelligence agency, and we have found no evidence that leads us anywhere else," Smith said.
U.S. national security officials have also said Russia was likely responsible for the breach, and President Joe Biden's administration is weighing punitive measures against Russia for the hack as well as other activities. Moscow has denied responsibility for the breach.
Officials have said the motive for the hack, which was discovered by private security company FireEye in December, appeared to be to gather intelligence. On what, they haven't said.
At least nine government agencies and 100 private companies were breached, but what was taken has not been revealed.