DECEMBER 19, 2020
Secretary of State Mike Pompeo blamed Russia for the SolarWinds hack that compromised numerous federal agencies and U.S. corporations, while President Trump said he was skeptical of a growing consensus in Washington about the country’s role.
“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Mr. Pompeo said in a Friday night interview with radio host Mark Levin.
The remarks made him the first Trump administration official to explicitly say Russia was responsible for the breach, which officials have said is one of the worst intelligence failures on record.
Mr. Trump in Saturday tweets played down the link to Russia, as well as the severity of the breach, differing with his top diplomat, who has been a loyal ally.
“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens,” Mr. Trump said, adding there was the “possibility that it may be China (it may!)”.
In addition to Mr. Pompeo, U.S. intelligence officials speaking privately, experts investigating the hack and lawmakers briefed on it have said it was very likely conducted by Russia. Shortly after Mr. Trump’s tweet, Sen. Marco Rubio (R., Fla.), acting chairman of the Senate Intelligence Committee, said it was “increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history.”
Mr. Rubio added on Twitter that efforts to determine the extent and damage of the hack were ongoing and that remediation would take significant time and resources. “Our response must be proportional but significant,” he said.
Some U.S. officials and experts suspect Russia’s foreign-intelligence service, known by the initials SVR, was behind the breaches, but other security experts involved in probing the hack believe a previously unknown Russian cyber espionage group may be responsible.
Russia has denied responsibility. There is no known evidence pointing to China.
The breaches of several government agencies happened as a result of hackers compromising systems belonging to SolarWinds Inc. The company is a U.S. network-management firm that counts national security agencies, local governments, large corporations and defense contractors among its 300,000 customers. Beginning in March, about 18,000 of those customers downloaded a software update that the hackers had quietly hijacked, allowing them to stealthily slip inside any network that interested them.
Despite officials’ high confidence of Russia’s involvement, the investigation remains in the early stages. On Saturday, SolarWinds confirmed they had discovered evidence the hackers were in their systems from at least October of last year, earlier than previously known.
The hacks, which are ongoing, have hit at least six Cabinet-level departments, including the Treasury, Commerce, State, Energy and Homeland Security departments, as well as the National Institutes of Health, which is part of the Health and Human Services Department.
The suspected Russian hackers are also believed to have spied on an unknown number of SolarWinds’s other customers.
“There was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well,” Mr. Pompeo said.
The secretary of state earlier in the week suggested that U.S. officials held Russia responsible for the intrusions. His remarks on Friday were more explicit. He didn’t provide specific evidence of Moscow’s role.
Government officials and cybersecurity experts have concluded that Russia is likely responsible for the hack in part due to the extreme skill involved as well as other classified clues, according to people familiar with the matter.
As the investigation continues, security specialists are uncovering new evidence that indicates the operation is part of a broader, previously undetected cyber espionage campaign that may stretch back years.