U.S. Secretary of State Mike Pompeo says it is clear that Russia was behind a cyberattack on several U.S. government agencies that also hit commercial targets worldwide.
“There was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems,” Pompeo told The Mark Levin Show on December 18.
“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Until now the administration has refrained from saying where the hacking originated, and President Donald Trump has not publicly addressed the issue.
Microsoft said it had notified more than 40 customers hit by the malware, which security experts say could allow attackers network access to sensitive government information and networks that operation infrastructure such as electricity power grids.
Roughly 80 percent of the affected customers are located in the United States, Microsoft President Brad Smith said in a blog post. Other victims of the cyberattack are in Belgium, Britain, Canada, Israel, Mexico, Spain, and the United Arab Emirates.
“This is not ‘espionage as usual,’ even in the digital age,” Smith wrote. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.” He added that the number and location of victims will keep growing.
James Lewis, vice president at the Center for Strategic and International Studies, said the attack may end up being the worst to hit the United States, eclipsing a 2014 suspected Chinese infiltration.
“The scale is daunting. We don’t know what has been taken so that is one of the tasks for forensics,” Lewis said, according to AFP.
“We also don’t know what’s been left behind. The normal practice is to leave something behind so they can get back in in the future,” Lewis said.
The cyberattack was first reported on December 13 in news reports that quoted unidentified U.S. officials as saying Russia-based hackers were suspected.
Russia’s U.S. Embassy has denied any involvement, saying in a statement on December 14 that Russia “does not conduct offensive operations in the cyber domain.”
The Department of Homeland Security, the Treasury Department, and the Commerce Department were among those affected in the attack, according to media reports that quoted unidentified officials with knowledge of the cyberattack.
The Department of Energy acknowledged on December 17 it was among those that had been hacked. The department includes the agency that manages the country’s nuclear-weapons stockpile.
The FBI and other agencies investigating an extensive cyberattack on U.S. government computer networks briefed members of Congress on December 18 about the intrusion.
The company whose software was compromised is SolarWinds. It acknowledged on December 16 that hackers from an “outside nation state” inserted malicious code into updates of its network management software issued between March and June this year.
Based on reporting by AFP, Reuters, and the Washington Post
This post was originally published on Radio Free.