Secretary of State Mike Pompeo on Friday said that he believes Russia is behind a widespread hack that impacted dozens of companies and government agencies, which officials said poses a "grave risk" to the United States.
“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Pompeo said on conservative radio talk show "The Mark Levin Show."
Pompeo became the first member of the Trump administration to comment on the hacking campaign.
"I can't say much more as we're still unpacking precisely what it is, and I'm sure some of it will remain classified," Pompeo said. "This was a very significant effort."
On Saturday, President Trump finally addressed the hack in a series of Twitter posts, downplaying the threat of the cyberattack and floating the possibility that China could be to blame, contradicting his own Secretary of State.
One of the posts also contained false claims about the election, which was quickly flagged by Twitter.
When asked if Trump would address it or call Russia out for the attack, Pompeo demurred: “I saw this in my time running the world’s premier espionage service at the CIA. There are many things that you’d very much love to say, “Boy, I’m going to call that out,” but a wiser course of action to protect the American people is to calmly go about your business and defend freedom.”
It’s not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry, COVID-19 vaccine-related research and information for dossiers on key government and industry leaders.
According to a report from Microsoft released Thursday, the tech giant, which has helped respond to the breach, revealed it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
Of the targets, nearly 44% are in the IT sector; government agencies make up around 18% of the hacked organizations, with think tanks and government contractors making up 18% and 9%, respectively.
Hackers originally implanted malicious code into SolarWinds’ software updates, a Texas-based company used by a wide range of federal agencies and private companies alike to manage their networks.
In a document filed Monday to the Securities and Exchange Commission, SolarWinds said as many as 18,000 organizations downloaded the corrupted files. While it appears SolarWinds’ customer list was removed from its website in the wake of the hack, multiple outlets have reported the company’s clientele includes at least 425 of the world's Fortune 500 companies and 10 of the nation’s top telecom firms.
The breach, which was only recently discovered, has been underway since at least March of this year. Officials have slowly acknowledged the widespread nature of the attack, so far only confirming that the Department of Energy and Department of Commerce were targeted. The U.S. Departments of Defense, State, Treasury, and Homeland Security have been identified as possible compromised agencies.
Microsoft’s data indicates a much more devastating attack is still underway.
In a stark warning to officials, the company said the breach “is effectively an attack on the United States and its government and other critical institutions, including security firms.”
“As Microsoft cybersecurity experts assist in the response, we have reached the same conclusion,” the statement read in part. “The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them.”
“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” the report continued in part. “The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft. As our teams act as first responders to these attacks, these ongoing investigations reveal an attack that is remarkable for its scope, sophistication and impact.”
The company itself was among the targets, confirming Thursday evening it found corrupted binaries which were isolated and removed. Microsoft has not yet found any evidence that its customer data was breached, nor has it discovered any indications that the corrupted software was used to attack other systems from within the company. The investigation is ongoing.
President-elect Joe Biden this week pledged to take action to prevent future breaches.
"I want to be clear: my administration will make cybersecurity a top priority at every level of government," Biden said in a statement, "And we will make dealing with this breach a top priority from the moment we take office."
The president-elect said that while we are still learning more information about the hack, "what we do know is a matter of great concern."
The Russian Foreign Ministry has denied responsibility for the attack, writing in a post on Facebook the allegations are “groundless attempts by the American media to accuse Russia of hacker attacks on US government bodies.”
The Associated Press contributed to this report.