President Donald Trump on Saturday downplayed a massive cyberattack on US federal government agencies, contradicting Secretary of State Mike Pompeo’s public remarks linking the hack to Russia and leaving administration officials scrambling to reconcile the competing statements, according to people familiar with the matter. “This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Pompeo had said of the cyber hack in an interview Friday on “The Mark Levin Show,” adding: “I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified. “But Trump, in his first public comments on the issue, appeared to undercut Pompeo’s remarks in a pair of tweets Saturday, suggesting without evidence “it may be China” that’s responsible. Instead of condemning the attack, or Russia, he wrote that he had been “fully briefed and everything is well under control” — despite officials in his administration having said this week that the cyberattack “poses a grave risk” to networks across both the public and private sector.
Early signs of a US government hack emerged months ago but were inconclusive White House officials had drafted a statement assigning blame to Russia for the attack and were preparing to release it Friday afternoon but were told to stand down, according to people familiar with the plans. Officials initially weren’t told why the statement was pulled back. The statement, the people said, placed blame on Russia for orchestrating the attack but left open the possibility that other actors were involved. The people familiar told CNN on Saturday it wasn’t clear whether the statement will be released, and instead described a scramble inside the administration as officials work to reconcile the competing statements from Trump and Pompeo. The President was briefed on the attack on Thursday. Trump also baselessly claimed in the tweets that the attack could have impacted US voting machines. A group of national, state and private election officials said in a joint statement last month that there is no evidence of any voting system being compromised in the 2020 election. At least half a dozen federal agencies are now known to have been targeted in the breach, including the Department of Homeland Security’s cyber arm and the Departments of Agriculture, Commerce, Energy and State. Investigators are still trying to determine what, if any, government data may have been accessed or stolen in the hack. “Suffice it to say, there was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems and it now appears systems of private companies and companies and governments across the world as well,” Pompeo said. Trump had remained silent on the hack for most of the week. The White House said Friday the President was being briefed and “working very hard” in dealing with it. Asked Friday about Trump’s silence on the matter, Pompeo noted there was work going on behind the scenes. “There are many things that you’d very much love to say, ‘Boy, I’m going to call that out,’ but a wiser course of action to protect the American people is to calmly go about your business and defend freedom,” he said. As the scope of the espionage campaign and its sophistication became clearer over the past two weeks, US officials had begun to believe that a Russia-linked entity or Russian individuals are responsible for the attacks. Pompeo’s comments go further than any Trump administration official yet in pinning the blame on Russia, as further evidence shows the hacking operation bears all the hallmarks of a Russian-backed actor. The Russian embassy in Washington has denied involvement in the hack. But Moscow has been linked to several recent breaches, including the 2016 hacking of Democratic officials during the US presidential election. Last week, the cybersecurity firm FireEye disclosed that it had been targeted by a sophisticated, likely state-sponsored espionage attempt, and that several of its own hacking tools had been stolen. CNN previously reported that a Russian-affiliated group known as APT29 was behind the attack on FireEye. On Sunday, Reuters first reported that the Departments of Commerce and Treasury had been hit by hackers. The Commerce Department soon confirmed a security incident. That same evening, FireEye identified the source of its own intrusion as malware hidden in its software updates published by the software vendor SolarWinds, which is used by a number of federal civilian agencies for network management. As many as 18,000 SolarWinds customers, including US government agencies and Fortune 500 companies, had been sent the updates containing the malware. The headline and story have been updated to reflect President Donald Trump’s tweets on the cyberattack and additional reporting.
CNN’s Zachary Cohen, Brian Fung, Kaitlan Collins, Alex Marquardt and Jason Hoffman contributed to this report.