Pompeo: Russia 'pretty clearly' behind massive cyberattack

Secretary of State Mike PompeoMike PompeoChampioning Democracy: How America can blunt the rise of authoritarian powers Azar tells Health Department staff his wife has COVID-19: ‘Mild symptoms but otherwise doing well’ Pompeo speaks with Turkish counterpart following US sanctions MORE on Friday blamed Russia for the massive cyberattack against multiple U.S. agencies and thousands of individual federal and private entities, saying the country was “pretty clearly” behind the attack.

“I can’t say much more, as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified. But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well,” Pompeo said on “The Mark LevinMark Reed LevinJudicial interference and the coming constitutional crisis Dwayne Johnson touts surge in Instagram followers after his Biden endorsement: ‘Always speak your truth’ Ted Cruz hits Fox’s Wallace for ‘train wreck’ debate, pitches new idea for moderators MORE Show.”

“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he added.


Pompeo is the first major Trump administration official to attribute the hack directly to Russia, though the sophisticated large-scale attack has widely been presumed to be tied to the country.

Experts say the effort, which targeted third-party software contractor SolarWinds, blindsided the U.S. government. Numerous federal agencies, including the departments of Energy, Homeland Security, State and Treasury, were reportedly breached.

Pressed on any public response from President TrumpDonald TrumpTrump signs bill to keep government open amid relief talks US to close two Russia consulates ‘Guardians of the Galaxy’ trends on social media following new Space Force name MORE to the hack, Pompeo suggested that “a wiser course of action to protect the American people is to calmly go about your business and defend freedom.”

While Trump has not weighed in on the attack, President-elect Joe BidenJoe BidenUS to close two Russia consulates On The Money: Congress passes bill to avert shutdown as coronavirus talks drag into weekend | Federal Reserve fight imperils relief talks Leading legal experts urge aggressive immigration actions MORE has vowed to “elevate” cybersecurity throughout government and “make dealing with this breach a top priority from the moment we take office.”

“Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation,” Biden said Thursday, adding his administration would impose “substantial costs” on anyone responsible for malicious attacks to deter such action.


Experts have described the SolarWinds attack as one of the most successful cyber intrusions in U.S. history, with hackers able to obtain access to systems going back as early as March.

SolarWinds counts among its clients numerous government agencies and Fortune 500 companies. As many as 18,000 clients downloaded compromised software from the company that delivered malware inserted by hackers.

FireEye, a top cybersecurity firm, revealed the hack earlier this month, saying its systems were penetrated by “a nation with top-tier offensive capabilities.”

Federal officials have said it will likely take weeks if not months to fully determine the scope of the attack.

Lawmakers have raised alarms and criticized Trump for not addressing the breach publicly.


“I think the White House needs to say something aggressive about what happened. This is almost as if you had a Russian bomber flying undetected over the country, including over the nation’s capital, and not to respond in a setting like that is really stunning,” Sen. Mitt RomneyWillard (Mitt) Mitt RomneyLawmakers call for Trump to take action on massive government hack Hillicon Valley: Lawmakers ask whether massive hack amounted to act of war | Microsoft says systems were exposed in massive SolarWinds hack | Senators push to keep tech liability shield out of UK trade agreement Overnight Defense: Biden team voices concern about ‘abrupt halt’ in Pentagon cooperation | Defense chief pushes back | Lawmakers question whether major cyberattack an act of war MORE (R-Utah) said in an interview this week.

Lawmakers have urged Trump to take immediate action, including by signing the annual defense policy bill. The legislation includes a number of cybersecurity provisions, including one to reestablish the position of federal cyber czar and another to strengthen defensive measures against cyberattacks. Trump has threatened to veto the bill over an unrelated tech issue.

“One of the immediate steps the Administration can take to improve our cyber posture is signing the NDAA [National Defense Authorization Act] into law,” Senate Armed Services Committee Chairman James InhofeJames (Jim) Mountain InhofeLawmakers call for Trump to take action on massive government hack Lawmakers ask whether massive hack amounted to act of war Trump faces bipartisan, international pushback on Western Sahara recognition MORE (R-Okla.) and ranking member Jack ReedJack ReedLawmakers call for Trump to take action on massive government hack Lawmakers ask whether massive hack amounted to act of war Biden selects Susan Rice to lead Domestic Policy Council, McDonough for Veterans Affairs MORE (D-R.I.) said in a joint statement on Thursday. “The NDAA is always ‘must-pass’ legislation – but this cyber incident makes it even more urgent that the bill become law without further delay.”

The Trump administration has set up a cyber coordination group composed of the Cybersecurity and Infrastructure Security Agency, the FBI and the Office of the Director of National Intelligence to respond to the hack, describing it as a “whole-of-government” effort.