SolarWinds not the only company used to hack targets, tech execs say at hearing

TL;DR – “We don’t know how they did this”…:

A sophisticated malware campaign attributed to Russian intelligence goes beyond a tainted software update from IT monitoring company SolarWinds, according to lawmakers and the heads of tech companies caught up in the hack. The hackers used a variety of legitimate software and cloud hosting services to access the systems of nine federal agencies and 100 private companies.

The hackers used Amazon Web Services cloud hosting to disguise their intrusions as benign network traffic, lawmakers said Tuesday at a Senate Intelligence Committee hearing. Additionally, the hackers didn’t use the malware planted in SolarWinds’ Orion products to breach nearly a third of the victims. Instead they had access to other hacking techniques, all of which investigators are still unraveling, according to the lawmakers and Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna, CrowdStrike CEO George Kurtz and FireEye CEO Kevin Mandia

[…]

Original article