Attorney General William Barr is the latest government official to join those blaming Russian actors for the sweeping breach that has rocked public and private information systems, including those of several federal agencies.
Cybersecurity firm FireEye was the first victim to report it had been compromised by what CEO Kevin Mandia described as “a nation with top-tier offensive capabilities,” and while FireEye did not publicly make the Russia connection, The Washington Post and Reuters cited anonymous U.S. officials who did. Since then, several members of Congress and Secretary of State Mike Pompeo have expressed certainty about Russia’s involvement, and President-elect Joe Biden’s team is reportedly considering ways to retaliate.
“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Pompeo told a radio show host on Friday.
But attributing cyber incidents is fraught with political implications, as demonstrated by tweets from President Donald Trump on Saturday.
“The Cyber Hack is far greater in the Fake News Media than in actuality,” Trump wrote, tagging Pompeo and Director of National Intelligence John Ratcliffe. “I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)”
“From the information I have, you know, I agree with Secretary Pompeo’s assessment,” Barr said, responding to a question about the hack during an unrelated press conference. “It certainly appears to be the Russians, but I’m not going to discuss it beyond that.”
Former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs also pointed to Russia on Monday on NPR’s Morning Edition and highlighted a specific unit, which U.S. intelligence officials have connected to previous high-profile breaches.
“What I understand, it is in fact the Russians,” Krebs said. “It’s the Russian SVR, which is their foreign intelligence service. They are really the best of the best out there. They’re a top-flight cyber intelligence team, and they used some very sophisticated techniques to really find the seams in our cyber defenses here in the United States and seem to be quite successful in penetrating some very sensitive places.”
A week after the Treasury Department was named in press reports as a breached agency, Treasury Secretary Steven Mnuchin on Monday confirmed the department’s unclassified systems were affected “as a result of some third-party software.” Investigators are working to determine the full scope of the breach and the level of access the perpetrators might still have to sensitive information. “I will say the good news is there’s been no damage, nor have we seen any large amounts of information displaced,” he said on CNBC’s “Squawk on the Street.”
A Defense Department spokesperson reiterated to Nextgov in an email that the Pentagon has found no evidence of compromise but confirmed the agency was exposed to the malware.
“DOD was exposed to the malware but there is no evidence that the exposure has resulted in a compromise of data or systems,” Russell Goemaere, the DOD spokesperson, said. “We will continue to assess our DOD Information Network for indicators of compromise and take targeted actions to protect our systems beyond the defensive measures we employ each day. We will continue to work with the whole-of-government effort to mitigate cyber threats to the nation.”