The U.S. intelligence community stated today that Russia is behind a major and ongoing series of cyberhacks of federal government agencies — its first official indication of blame.
WAPO: The statement, issued jointly by four agencies in a special task force, counters President Trump’s baseless suggestion last month that the intrusions might have been the work of Chinese hackers.
Secretary of State Mike Pompeo said previously that the breaches were “clearly” Russian in origin, and U.S. officials have for weeks said privately that Moscow’s foreign intelligence service carried them out, but today’s statement is the first official word from the intelligence community saying that officials think Russia is the culprit.
The breaches were so alarming that they had government and private-sector personnel working through the holidays, the task force said.
That sense of urgency stands in contrast to Trump’s effort last month to downplay the significance of the breaches.
The statement also said that fewer than 10 federal entities had their networks breached, though that list includes major agencies such as the Departments of State, Treasury, Homeland Security, Energy and Commerce.
People familiar with the matter, speaking on the condition of anonymity because the investigation is ongoing, have told The Washington Post that they think as many as 250 government and private-sector entities have been compromised, though investigators are working to ascertain the scope of the hacks and to notify nongovernment entities affected.
Shortly after the intrusions were discovered last month, the White House National Security Council stood up a task force known as the Cyber Unified Coordination Group to coordinate the investigation and remediation of the incident.
The task force is made up of the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence, with support from the National Security Agency.
“We believe this was, and continues to be, an intelligence-gathering effort,” the task force said.
That’s an indication that officials have not found evidence of intent to cause disruption or destruction of networks, or that the campaign was a predicate for an influence operation aimed at, say, sowing discord.
Rather, the statement indicated, the operation was more in line with traditional espionage, stealing material that might prove useful to the Kremlin.
That might include information on potential sanctions or other policy moves being planned, or data on how the government protects its networks.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the statement said.