<p class="heading_excerpt">Microsoft President Brad Smith was one of several tech leaders providing evidence.</p> Tuesday, 23 February, saw the first of a series of hearings relating to the SolarWinds cyberattack. Speaking during the three hour long hearing in front of the US Senate were representatives from Microsoft, CrowdStrike, FireEye, and SolarWinds, with one notable absence: Amazon. The hearings also took place against the backdrop of the news that the US government is considering sanctions against the alleged perpetrator of the hack, Russia. Microsoft President Testifies at SolarWinds Hearing The hearing is the start of proceedings to ultimately figure out the why and wherefore of the SolarWinds cyberattack. Speaking at the SolarWinds hearing were: Microsoft President Brad Smith FireEye CEO Kevin Mandia CrowdStrike President and CEO George Kurtz SolarWinds CEO Sudhakar Ramakrishna The big question most Senators wanted answering concerned the origin of the attack. Microsoft President Brad Smith said that "At this stage, we've seen substantial evidence that points to the Russian foreign embassy, and we've seen no evidence that points to anyone else." Smith's take on the attack was somewhat corroborated by CrowdStrike President and CEO George Kurtz, who said that although they didn't want to name a specific suspected nation-state threat actor, the evidence "was most consistent with espionage and behaviors we've seen out of Russia." <p lang="en" dir="ltr">Smith refers to Microsoft's estimation that 1000 engineers worked on SUNBURST -- adds they were 1000 "very skilled" engineers.</p>— Joe Uchill (@JoeUchill) February 23, 2021 Brad Smith also noted that Microsoft doesn't think the SolarWinds attack is finished. SolarWinds was a supply-chain hack, which compromises a third-party vendor in the supply chain to gain access to the primary target. Worryingly, Smith warned that Microsoft is "Continuing to investigate as we do not believe all supply chain vectors have yet been discovered or made public." The true extent of the attack may take much longer to emerge as companies are not required to reveal they were victims of such an attack. In that, Brad Smith also said that "It's imperative for the nation that we encourage and sometimes even require better information-sharing about cyberattacks." Related: Microsoft Reveals Actual Target of SolarWinds Cyberattack White House Considering Sanctions Against Russian Government Particularly of note were comments from White House press secretary Jen Psaki, who confirmed that the wider intelligence community is working to "fine-tune the attribution" of the SolarWinds attack to Russia and that the attribution was "weeks, not months" away from confirmation. With an estimated 18,000 agencies, companies, and organizations directly affected by SolarWinds, it is no wonder the Biden administration is considering sanctions against the Russian government. But while the US government is considering sanctions against the alleged attacker, US officials have made it clear that nothing will happen until that attribution is confirmed. As the SolarWinds attack was such a shock, having remained out of sight for over nine months, there is a feeling that waiting just a little longer to ensure accuracy is worthwhile. The 7 Best eReaders for Book Lovers <p class="">Digital books are convenient and portable. To read them, you need an eReader. Here are some of the best.</p> About The Author Gavin Phillips (735 Articles Published) Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and was the Editor for MakeUseOf's crypto-focused sister site, Blocks Decoded. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football. More From Gavin Phillips Subscribe To Our Newsletter Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals! One More Step…! Please confirm your email address in the email we just sent you.