U.S. Secretary of State Mike Pompeo on Friday said this week’s cyber attack — dubbed by one U.S. official as “the worst hacking case in the history of America” — was “pretty clearly” the work of Russians.
Pompeo made the comments during an interview on the Mark Levin Show, effectively making him the first Trump administration official to publicly link the attack on U.S. and other computer systems around the globe to the Kremlin.
“[T]here was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. Government systems and now it appears systems of private companies and companies and governments across the world as well,” Pompeo said. “This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Russians were widely suspected of having carried out the attack, but no government official or entity had publicly confirmed who was behind it prior to Pompeo’s comments. Trump has made no public statements about the breach.
The Cybersecurity and Infrastructure Security Agency (CISA) said in an unusual warning message Thursday that the hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo.
CISA officials did not respond to questions, and so it was unclear what the agency meant by a “grave threat” or by “critical infrastructure” possibly targeted in the attack that the agency says appeared to have begun last March. Homeland Security, the agency’s parent department, defines such infrastructure as any “vital” assets to the U.S. or its economy — a broad category that could include power plants and financial institutions.
The agency previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods, as well.
As it stands now, the U.S. State Department, Department of Homeland Security (DHS), and elements of the Department of Defense have reported being compromised. The hack may have lasted for months, targeting Treasury and Commerce departments.
Government agencies, such as the Department of Energy, moved quickly to protect themselves and investigate the incidents.
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA),” DOE Spokeswoman Shaylyn Hynes told Fox News.
“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
Tech giant Microsoft, which has helped respond to the breach, revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the United Arab Emirates.
Fox News’ Peter Aitken and The Associated Press contributed to this report.