US security agencies have said that Russia was likely behind a massive cyber espionage campaign uncovered at the end of last year, contradicting earlier statements from President Donald Trump, who downplayed the possibility of Moscow’s involvement.
In a joint statement on Tuesday, the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence said that the perpetrators had compromised “fewer than 10” US federal agencies, adding that they were “likely Russian in origin”.
The agencies described the motivation for the attacks as “an intelligence gathering effort”, rather than for the purpose of data manipulation or other more destructive efforts.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” they added.
The hackers gained access by hijacking software from SolarWinds, a Texas-based IT company, which has said that some 18,000 of its government and private sector clients globally may have been exposed.
So far, only the US commerce, energy and Treasury departments have acknowledged publicly that they were breached, together with a handful of companies, including Microsoft and FireEye.
The statement marks the first official attribution of the hack to a nation state, although the intelligence community and several politicians have said that the attack bears the hallmarks of the SVR, Russia’s foreign intelligence service.
However, Mr Trump has previously claimed that the hack — which is ongoing — was being overhyped “in the fake news media”, adding in a tweet: “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
Russia has denied any involvement.