The US Senate just grilled Microsoft and SolarWinds over last year's historic cyberattack. Here's what happened.

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York. Reuters/Brendan McDermid
  • US senators questioned the tech firms involved in last year's sweeping cyberattack.
  • SolarWinds, Microsoft, FireEye, and CrowdStrike all testified, while Amazon declined to attend.
  • Microsoft's president said evidence points to Russia, where officials suspect the attack originated.

The US Senate questioned the chief executives of SolarWinds and other tech firms in a hearing Tuesday, after unknown attackers suspected of having links to Russia infiltrated the company's software last year and compromised thousands of organizations, including major federal agencies.

SolarWinds was joined in the hearing by FireEye, the cybersecurity firm that discovered the malware in December, as well as Microsoft, whose president, Brad Smith, was present at the proceedings. CrowdStrike CEO George Kurtz also testified. His cybersecurity firm was apparently able to stave off the hackers.

During the hearing, Smith gave the strongest indication that the cyberattack originated in Russia, while Kurtz and FireEye CEO Kevin Mandia did not confirm or deny the attackers' origins. But Mandia said the attack was consistent with Russian behavior.

Multiple senators noted that Amazon - specifically, its market-leading Amazon Web Services cloud-computing arm - was asked to also attend the hearing but declined the Senate's invitation. Republican Sen. Susan Collins of Maine said the company had an "obligation" to participate and that if it didn't do so moving forward, the committee "should look at next steps."

The cyberattack began in March and went undetected for months. SolarWinds told the Securities and Exchange Commission that about 18,000 of its 300,000 clients were targeted in the attack. High-level government data was left exposed - the Trump administration confirmed in December that hackers had indeed infiltrated key networks, including the US Treasury and the Commerce Department.

Fortune 500 companies - including Microsoft, AT&T, and McDonald's - were among SolarWinds' vulnerable customer base. Microsoft has said its products, including its Office 365 suite and Azure cloud, were not used in the hack but that they were targeted, with the attackers making off with some of its source code. And FireEye researchers say the hackers appear to be able to send emails and access calendars on Microsoft's 365 suite.

The White House has said it may respond to the SolarWinds hacks in a matter of weeks, which could include sanctions against the Russian government.

Insider reported Tuesday's hearing was a pivotal moment in the relationship between the US government and the cybersecurity world, namely in how the industry could help federal officials stave off nation-state attacks in the future.

The live blog is now over. Below are some highlights from the three-hour hearing.

Sen. Mark Warner said the committee invited Amazon to attend the hearing but the company declined

Democratic Sen. Mark Warner of Virginia kicked off the hearing and noted that Amazon declined the Senate's invitation to testify in Tuesday's hearing. Republican Sen. Marco Rubio of Florida also touched on the company's lack of participation and said: "It would be most helpful in the future if they actually attended these hearings." Amazon did not immediately respond to Insider's request for comment.

Collins said if the tech giant didn't decide to testify, the committee "should look at next steps." Republican Sen. Ben Sasse of Nebraska and Warner also expressed concern surrounding the company's absence. The Senate committee is expected to upload additional documents in a few weeks.

Microsoft President Brad Smith said the attack's full scope was still unfolding

In his opening statement, Smith said there was much we still didn't know regarding the extent of the cyberattack and that there must be reform to the relationship between Silicon Valley's cybersecurity arm and the federal government. He also said he believed Russia was behind the attack.

Mandia, FireEye's CEO, used his opening statement to declare the attack "exceptionally hard to detect" and later said that it was a planned hack. "The question is where's the next one? And where are we going to find it?" Mandia said.

Smith says all the evidence points to Russia

Smith said earlier that "at this stage we've seen substantial evidence that points to the Russian foreign embassy, and we've seen no evidence that points to anyone else." He said in the hearing that more than 80% of the entities targeted in the attack were nongovernment organizations.

Mandia and Kurtz, CrowdStrike's CEO, agreed that the attacker was a nation-state actor. But neither exec said who they thought was behind it. Mandia did say that his company analyzed forensics and found that it was "most consistent with espionage and behaviors we've seen out of Russia."
