After Russian Cyberattack, Looking for Answers and Debating Retaliation Key senators and corporate executives warned at a hearing on Tuesday that the “scope and scale” of the hacking of government agencies and companies, the most sophisticated in history, were still unclear. Video -0:00 The Scale of the SolarWinds Breach Is Still Unclear, Executives Say During a Senate Intelligence Committee hearing on Tuesday, executives defended how they responded to the SolarWinds breach and warned senators that the hack might be bigger than they previously knew. We do need to enhance the sharing of threat intelligence. Now, that’s the term in the cybersecurity community for information about attacks that people are seeing. And our basic challenge today is that that information too often exists in silos. It exists in silos in the government, exists in different companies. It doesn’t come together. Who knows the entirety of what happened here? One entity knows. It was the attacker. Perhaps the most significant finding to date in our investigation is what the threat actor used to inject Sunburst into our Orion platform. Sunspot, which we discovered poses a grave risk of automated supply chain attacks through many software development companies, since the software processes that SolarWinds uses is common across the industry. The attackers came in through the SolarWinds implant and the very first thing they did is went for your keys, your tokens. Basically, they stole your identity architecture, so they could access your networks the same way your people did. And that’s why this attack was hard to find. These attackers from Day 1, they had a back door. Imagine almost a secret door into your house; and the first thing that happens when they come through that secret door is all your keys are right there. They just grab them. And now they can get into any locks you have in your house.