US President Donald Trump in his first comments about a widespread data breach across the US government downplayed the seriousness and impact of the cyber espionage campaign and questioned whether Russia was to blame.
"The Cyber Hack is far greater in the Fake News Media than in actuality," Trump said on Twitter on Saturday. "Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)."
What happened?
The hack began as early as March, when malicious code was snuck into updates to a popular software called Orion, made by the company SolarWinds, which provides network-monitoring and other technical services to hundreds of thousands of organizations around the world.
That malware gave elite hackers remote access to an organization's networks so they could steal information.
Who has been affected?
At least six US government departments, including energy, commerce, treasury and state, are reported to have been breached. The National Nuclear Security Administration’s networks were also breached, Politico reported on Thursday.
Dozens of security and other technology firms, as well as non-governmental organizations, were also affected, Microsoft said on Thursday. While most affected by the attack were in the US, Microsoft said it had identified victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
Trump's assertion that China may be behind the hacking spree, which has so far affected more than a half dozen federal agencies including the Commerce and Treasury Departments, runs counter to comments by his own Secretary of State and multiple lawmakers briefed on the matter.
"We can say pretty clearly that it was the Russians that engaged in this activity," said Secretary of State Mike Pompeo on Friday in an interview. Republican lawmaker Mitt Romney in a tweet on Thursday said the hack was "like Russian bombers have been repeatedly flying undetected over our entire country."
A State Department spokesperson did not immediately respond to a request for comment on Saturday.
Adam Schiff, the Democratic chairman of the House Intelligence Committee, said in a tweet in reaction to Trump's comments, "Another day, another scandalous betrayal of our national security by this president. Another dishonest tweet that sounds like it could have been written in the Kremlin."
The Kremlin has denied any involvement.
In his tweet, Trump tagged Pompeo and Director of National Intelligence John Ratcliffe.
The Office of the Director of National Intelligence, or ODNI, has yet to publicly comment on who is behind the massive data breach, which exploited a piece of software developed by network management firm SolarWinds that is widely used throughout the public and private sectors.
A spokesperson for ODNI and the White House's National Security Council did not respond to a request for comment.
Daniel Hoffman, a former CIA Moscow station chief, said the Trump administration needed to quickly explain why Pompeo blamed Russia, while the president cast doubt on that assessment.
He noted that Pompeo served as CIA director before becoming the top US diplomat, and he has "an extremely sophisticated understanding of national security. How is it that he attributed the attack to Russia and the president did not?"
Hoffman said that "based on everything we know," the hack was directed by Russia's external intelligence service, known as the SVR, using APT29, the Russian hacking group known as "Cozy Bear."
"We don't want to speculate that it's somebody else. We have to be clear in attributing because when you take action in response, you need to be right," Hoffman said.
(With Reuters inputs)