The cyber-security firm that identified the large-scale hacking of US government agencies says it “genuinely impacted” around 50 organisations.
Kevin Mandia, CEO of FireEye, said that while some 18,000 organisations had the malicious code in their networks, it was the 50 who suffered major breaches.
The US Treasury and departments of homeland security, state and defence are known to have been targeted.
So too have the chairs of the Senate and House of Representatives’ intelligence committees.
However, President Trump cast doubt on Russia’s role in two tweets on Saturday, hinting instead at Chinese involvement.
Mr Mandia told CBS News that the cyber attack “was very consistent” with what US officials know about the work of Russia’s foreign intelligence agency, the SVR.
“I think these are folks that we’ve responded to in the ’90s, in the early 2000s. It’s a continuing game in cyberspace,” he said.
He said the attack on the Texas-based SolarWinds Orion, the computer network tool at the source of the breach, had the “earliest evidences of being designed”.
It started with a “dry run” in October 2019 when “innocuous code” was changed. “Then sometime in March, the operators behind this attack did put malicious code into the supply chain,” he said, “injected it in there and that is the backdoor that impacted everybody”.
What is being said about Russia’s involvement
Despite Russia’s denials of the “baseless” claims, many in the US intelligence community suspect the Russian government is responsible.
Mr Pompeo said on Friday: “We can say pretty clearly that it was the Russians that engaged in this activity.”
He said that Russia was trying to “undermine our way of life”, and that Russian President Vladimir Putin “remains a real risk”.
Mr Pompeo has taken a strong line against Russia before. In his time as secretary of state, the US has pulled out of a key nuclear treaty and the Open Skies Treaty on aerial surveillance flights.
The Republican Chair of the Senate intelligence committee, Marco Rubio, tweeted that it is “increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history”. He said the response “must be proportional but significant”.
Adam Schiff, Democrat chair of the House intelligence committee, echoed these views, saying on Sunday: “I don’t think there’s any question that it was Russia”.
And he took a swipe at President Trump for his comments on the issue saying they were “just uniformly destructive and deceitful, and injurious … to our national security.”
The president has long been ambivalent towards Moscow, downplaying such incidents as allegations that Russia offered the Taliban bounties to kill US troops.
In his tweets on Saturday, Mr Trump again turned on what he labels the “fake news media” for exaggerating the matter.
He wrote: “The Cyber Hack is far greater in the Fake News Media than in actuality.
“I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
President-elect Joe Biden, who is due to be sworn in on 20 January, has vowed to make cyber-security a “top priority” of his administration.
“We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place,” he said on Thursday.
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in co-ordination with our allies and partners.”
What do we know about the hacking campaign?
Hackers managed to gain access to major organisations by compromising network management software developed by the Texas-based IT company SolarWinds.
The access could have allowed the hackers to take a high degree of control over the networks of organisations using that software, but appears to have been used to steal data rather than for any disruptive or destructive impact.
It is thought they targeted a narrow number of organisations in an attempt to steal national security, defence and other related information.
However, while software may have been downloaded, that does not necessarily mean data was taken.
SolarWinds Orion earlier said that 18,000 of its 300,000 customers might have been affected, but there is no indication that significant theft of customer or citizen data was an aim of the cyber-attack.
Researchers, who have named the hack Sunburst, say it could take years to fully comprehend it.
For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online.
Several other organisations around the world, including in the UK, are understood to have been targeted by hackers using the same network management software.