Senate hearing: SolarWinds evidence points to Russia

Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.

All roads currently lead to Russia in the SolarWinds hack investigation.

While no definitive conclusions were drawn, executives from Microsoft and FireEye pointed to Russia as the most likely culprit in the SolarWinds supply chain attack -- an attack that led to nine federal agencies and approximately 100 private sector companies being compromised -- in their statements during a Senate Intelligence Committee hearing on the SolarWinds investigation Tuesday.

During the hearing, the U.S. Senate's Select Intelligence Committee questioned several executives relevant to the attack and its investigation, including SolarWinds president and CEO Sudhakar Ramakrishna, Microsoft president and chief legal officer Brad Smith, FireEye CEO Kevin Mandia, and CrowdStrike president and CEO George Kurtz.

A Russian nation-state advanced persistent threat (APT) group has been the most commonly attributed suspect of the SolarWinds attack since at least early January by those in both the public and private sectors, and these accusations gained further credibility at the hearing. Smith stopped short of attributing the attacks definitively to Russia, but said evidence currently points in the country's direction.

"At this stage we've seen substantial evidence that points to the Russian foreign intelligence agency, and we have found no evidence that leads us anywhere else," Smith said. "We'll wait for the rest of the formal steps to be taken by the government and others, but there's not a lot of suspense at this moment in terms of what we're talking about."

Mandia had similar comments regarding FireEye's investigation.

"We went through all the forensics. It is not very consistent with cyberespionage from China, North Korea or Iran, and it is most consistent with cyberespionage and behaviors we've seen out of Russia," he said.

While CrowdStrike was "unable to corroborate" Russia's responsibility in the attack, Kurtz said that the security vendor has "no information to suggest it is incorrect."

A recent 60 Minutes episode containing interviews with Smith and Mandia explicitly attributed the attacks to Russia, but the program gave no conclusive evidence to support the claim; the episode and an additional "60 Minutes Overtime" segment also presented controversial arguments for hacking back against Russia in retaliation for the SolarWinds attacks.

Another growing area of focus was the role Amazon Web Services played in the attack; during the hearing, several committee members noted that the threat actors used AWS infrastructure to launch their attacks, though technical details of AWS' role are unclear at this point. Senator Marco Rubio (R-Fla.) said that Amazon was invited to the hearing but did not attend, and he, along with other senators, slammed the cloud and e-commerce giant as a result.

"We had extended an invitation to Amazon to participate," Rubio said. "The operation we'll be discussing today uses their infrastructure, at least in part. Apparently, they were too busy to discuss that here with us today, and I hope they'll reconsider that in the future."

Alexander Culafi is a writer, journalist and podcaster based in Boston.
