U.S. intelligence officials investigating last month's massive cybersecurity breach that impacted thousands of companies and dozens of government agencies warn the hack is part of an ongoing intelligence operation, likely being carried out by Russia.
The public conclusion, shared Tuesday by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA), is the first formal statement of attribution from U.S. officials, and confirms previous comments by senior officials and lawmakers who said the evidence pointed "pretty clearly" to Moscow.
"This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and nongovernmental networks," according to the statement from the intelligence and security agencies.
"At this time, we believe this was, and continues to be, an intelligence gathering effort," they added. "We are taking all necessary steps to understand the full scope of this campaign and respond accordingly."
'Serious compromise'
Evidence of the breach involving SolarWinds, a Texas-based software management company, first emerged in early December when the private cybersecurity firm FireEye announced its systems had been penetrated and that sensitive information had been stolen.
In the days that followed, the hack was traced to SolarWinds, with investigators warning that approximately 18,000 customers, including U.S. government agencies and companies around the world, had been affected.
Late last month, software giant Microsoft said the hackers even managed to use the breach to access some of the company's heavily guarded source code — the basic programming essential to running Microsoft programs and operating systems.
But despite the huge number of SolarWinds customers affected by the hack, U.S. intelligence officials said Tuesday that "a much smaller number" were compromised by follow-on activities.
"We have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted," they said in the statement.
U.S. officials had previously said the hack had impacted the departments of Defense, State, Homeland Security, Energy, Treasury and Commerce, as well as state and local governments.
"This is a serious compromise that will require a sustained and dedicated effort to remediate," the FBI, CISA, ODNI and the NSA said in Tuesday's statement, adding the agencies will "continue taking every necessary action to investigate, remediate and share information with our partners and the American people."
Trump response
U.S. President Donald Trump has been largely silent on the SolarWinds hack, tweeting last month, "Everything is well under control," while appearing to deflect blame from Moscow.
"Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China," Trump said.
In a tweet late Tuesday, the White House National Security Council said the president "continues to surge all appropriate resources to support the whole-of-government response to the recent cyber incident affecting government networks."
Democratic Senator Mark Warner, the vice chair of the Senate Intelligence Committee, however, accused the Trump administration of dragging its feet.
"It's unfortunate that it has taken over three weeks after the revelation of an intrusion this significant for this administration to finally issue a tentative attribution," Warner said in a statement late Tuesday. "We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response."