“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Mr. Pompeo said in a Friday night interview with radio host Mark Levin.
SolarWinds Hack Coverage
U.S. officials have privately said they suspect Russia’s foreign intelligence service, known by the initials SVR, was behind the breaches, but none had publicly pointed the finger at Moscow.
Russia has denied responsibility.
The breach appeared to have begun when hackers compromised systems belonging to SolarWinds Inc., a U.S. network-management company that counts national security agencies, local governments, large corporations and defense contractors among its 300,000 customers.
The hacks, which are ongoing, have hit at least six Cabinet-level departments, including the Treasury, Commerce, State, Energy and Homeland Security departments, as well as the National Institutes of Health, which is part of the Health and Human Services Department.
It also has affected an unknown number of SolarWinds’s other customers.
“There was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well,” Mr. Pompeo said.
The secretary of state earlier in the week suggested that U.S. officials held Russia responsible for the intrusions. His remarks on Friday were more explicit.
He didn’t provide specific evidence of Moscow’s role.
Government officials and cybersecurity experts have concluded that Russia is likely responsible for the hack in part due to the extreme skill involved as well as other classified clues, according to people familiar with the matter. A handful of senators who have received briefings in recent days have openly referred to it as a Russian operation.
As the investigation continues, security specialists are uncovering new evidence that indicates the operation is part of a broader, previously undetected cyber espionage campaign that may stretch back years.
Mr. Pompeo gave no indication of how President Trump, who leaves office on Jan. 20, might respond. Mr. Trump hasn’t addressed the hack publicly, drawing criticism from Democratic lawmakers and some cybersecurity experts.
“There are many things that you’d very much love to say, ‘Boy, I’m going to call that out,’ but a wiser course of action to protect the American people is to calmly go about your business and defend freedom,” Mr. Pompeo said.
Write to Warren P. Strobel at Warren.Strobel@wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8