scale of the intrusion is,” Psaki said. “And we’re
still in the process of working that through now.”
FireEye CEO Kevin Mandia told the Senate that
his company has had nearly 100 people working
to study and contain the breach since they
detected it, almost by accident, in December
and alerted the U.S. government.
The hackers first quietly installed malicious
code in October 2019 on targeted networks,
but didn’t activate it to see if they could remain
undetected. They returned in March and
immediately began to steal the login credentials
of people who were authorized to be on the
network so they could have a “secret key” to
move around at will, Mandia said.
Once detected, “they vanished like ghosts,”
he said.
“There’s no doubt in my mind that this was
planned,” the security executive said. “The
question really is where’s the next one, and
when are we going to find it?”
Government agencies breached include the
Treasury, Justice and Commerce departments,
but the full list has not been publicly released.
The president of Microsoft, which is working
with FireEye on the response, said there are
victims around the world, including in Canada,
Mexico, Spain and the United Arab Emirates.
The panel, which also included Sudhakar
Ramakrishna, the CEO of SolarWinds who took
over the company after the hack occurred,
and George Kurtz, the president and CEO of
CrowdStrike, another leading security company,
faced questions not just about how the breach
occurred but also about whether hacking