‘They may be in the system’: Questions remain on SolarWinds hack
Al JazeeraThe US House of Representatives Oversight and Homeland Security Committees held a joint hearing on Friday on the implications of the ongoing SolarWinds hack for the government and private industry. Representative Carolyn B Maloney, chairwoman of the Oversight Committee, said “a sophisticated attacker reported to be the Russian government broke into the SolarWinds system and inserted malicious code into its software … nearly 18,000 customers downloaded updates containing the malicious code”. Maloney said the hack, which was spread through a vulnerability in widely used Microsoft cloud software, affected law enforcement agencies, and more than 100 private companies involved “in foreign affairs and national security … And that’s just what we know. And this is something that we as a tech company like Microsoft can focus on addressing by helping colleges and universities, high schools, and others, develop the people we will need in the future.” Smith previously said investigators estimate at least 1,000 highly skilled engineers would have been required to develop the code used to hack SolarWinds. US national security officials have also said Russia was likely responsible for the breach, and President Joe Biden’s administration is weighing punitive measures against Russia for the hack as well as other activities.