Secretary of State Mike PompeoMike PompeoSunday shows preview: US reaffirms support for Ukraine amid threat of Russian invasion Pence to deliver keynote at fundraising banquet for South Carolina-based pregnancy center Russia suggests military deployments to Cuba, Venezuela an option MORE on Friday blamed Russia for the massive cyberattack against multiple U.S. agencies and thousands of individual federal and private entities, saying the country was "pretty clearly" behind the attack.
"I can’t say much more, as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified. But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well," Pompeo said on "The Mark LevinMark Reed LevinTucker Carlson extends influence on GOP Glenn Beck says he has COVID-19 for second time Trump draws attention with admission he 'fired Comey' MORE Show."
"This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," he added.
Pompeo is the first major Trump administration official to attribute the hack directly to Russia, though the sophisticated large-scale attack has widely been presumed to be tied to the country.
Experts say the effort, which targeted third-party software contractor SolarWinds, blindsided the U.S. government. Numerous federal agencies, including the departments of Energy, Homeland Security, State and Treasury, were reportedly breached.
Pressed on any public response from President TrumpDonald TrumpBiden says Roe v. Wade under attack like 'never before' On student loans, Biden doesn't have an answer yet Grill company apologizes after sending meatloaf recipe on same day of rock star's death MORE to the hack, Pompeo suggested that "a wiser course of action to protect the American people is to calmly go about your business and defend freedom."
While Trump has not weighed in on the attack, President-elect Joe BidenJoe BidenSunday shows preview: US reaffirms support for Ukraine amid threat of Russian invasion The Fed has a clear mandate to mitigate climate risks Biden says Roe v. Wade under attack like 'never before' MORE has vowed to "elevate" cybersecurity throughout government and "make dealing with this breach a top priority from the moment we take office."
“Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation,” Biden said Thursday, adding his administration would impose "substantial costs" on anyone responsible for malicious attacks to deter such action.
Experts have described the SolarWinds attack as one of the most successful cyber intrusions in U.S. history, with hackers able to obtain access to systems going back as early as March.
SolarWinds counts among its clients numerous government agencies and Fortune 500 companies. As many as 18,000 clients downloaded compromised software from the company that delivered malware inserted by hackers.
FireEye, a top cybersecurity firm, revealed the hack earlier this month, saying its systems were penetrated by “a nation with top-tier offensive capabilities.”
Federal officials have said it will likely take weeks if not months to fully determine the scope of the attack.
Lawmakers have raised alarms and criticized Trump for not addressing the breach publicly.
"I think the White House needs to say something aggressive about what happened. This is almost as if you had a Russian bomber flying undetected over the country, including over the nation's capital, and not to respond in a setting like that is really stunning," Sen. Mitt RomneyWillard (Mitt) Mitt RomneyPut partisan politics aside — The Child Tax Credit must be renewed immediately Trump remembers former 'Apprentice' contestant Meat Loaf: 'Great guy' Rock legend, actor Meat Loaf dies at 74 MORE (R-Utah) said in an interview this week.
Lawmakers have urged Trump to take immediate action, including by signing the annual defense policy bill. The legislation includes a number of cybersecurity provisions, including one to reestablish the position of federal cyber czar and another to strengthen defensive measures against cyberattacks. Trump has threatened to veto the bill over an unrelated tech issue.
“One of the immediate steps the Administration can take to improve our cyber posture is signing the NDAA [National Defense Authorization Act] into law,” Senate Armed Services Committee Chairman James InhofeJames (Jim) Mountain InhofeOvernight Defense & National Security — White House raises new alarm over Russia Biden sparks confusion, cleanup on Russia-Ukraine remarks Republicans say Mayorkas failed to deliver report on evacuated Afghans MORE (R-Okla.) and ranking member Jack ReedJack ReedDefense bill sets up next fight over military justice Ukraine president, US lawmakers huddle amid tensions with Russia Photos of the Week: Tornado aftermath, Medal of Honor and soaring superheroes MORE (D-R.I.) said in a joint statement on Thursday. “The NDAA is always ‘must-pass’ legislation – but this cyber incident makes it even more urgent that the bill become law without further delay.”
The Trump administration has set up a cyber coordination group composed of the Cybersecurity and Infrastructure Security Agency, the FBI and the Office of the Director of National Intelligence to respond to the hack, describing it as a "whole-of-government" effort.