U.S. President Donald Trump on Saturday appeared to be downplaying the impact of a wide-spread cyberattack that targeted and affected several U.S. government agency networks, as well as Fortune 500 companies.
In tweets Saturday morning, Trump said the attack is “far greater in the Fake News Media than in actuality.”
“I have been fully briefed and everything is well under control,” he wrote. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it might be China (it may!)”
Trump’s unsubstantiated claims come just a day after U.S. Secretary of State, Mike Pompeo said Russia was “pretty clearly” behind the cyberattack.
Pompeo was the first Trump administration official to publicly tie the Kremlin to the widespread intrusion.
“We’re still unpacking precisely what it is, and I’m sure some of it will remain classified,” Pompeo said in an interview late Friday with radio talk show host Mark Levin.
Pompeo said it was a “very significant effort.”
“And I think it’s the case now that we can say pretty clearly that it was the Russians that engaged in this activity,” he continued.
On Wednesday, the U.S. government confirmed several of its networks were affected by a recent hacking campaign targeting users of SolarWinds, a Texas-based software company.
The hackers utilized the platform to peer into computer networks for various U.S. government agencies, including the U.S. Department of Homeland Security, and the federal Treasury and Commerce departments.
SolarWinds said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed for almost nine months.
In a joint statement issued earlier this week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) said the situation was “developing.”
“And while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the statement read.
The FBI said it is “investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”
While the joint statement does not say who is to blame for the hack, officials widely suspect Russia is responsible.
Russia, however, denies any involvement.
Cybersecurity firm FireEye was the first of SolarWinds’ customers to detect the attack.
In a blog post on Dec. 13, the company said the campaign is “widespread,” and could have begun as early as spring 2020.
“The actors behind this campaign gained access to numerous public and private organizations around the world,” the post reads.
On the same day, the U.S. Department of Homeland Security issued an emergency directive, urging all federal agencies to remove the affected software.
President-elect Joe Biden, who is set to be inaugurated on Jan. 20, said he will make “dealing with this breach a top priority from the moment we take office.”
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said.
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
SolarWinds has asked its customers to upgrade to the latest version of its Orion platform “as soon as possible to better ensure the security of your environment.”
What has Canada said?
In a statement to Global News on Saturday, Evan Koronewski, a spokesperson for the Communications Security Establishment (CSE), confirmed its Cyber Centre is “working with its partners in the private and public sectors across Canada to address this sophisticated cyber security incident.”
“We are working with government partners, including Shared Services Canada, to ensure the Government of Canada’s systems and networks remain secure and functioning as expected,” he said in an email.
Koronewski said the situation “remains ongoing,” adding that the Cyber Centre is “actively engaged with our government and non-government partners sharing cyber security advice and guidance mitigation, and operational updates.”
The CSE said the Cyber Centre does not comment on reporting by Canadian organizations regarding cyber incidents.
“As a result, we do not have any further information to add on potential victims,” the email read.
On Monday, the centre issued an alert to notify IT professionals of the cyber threat. It also shared the guidance from SolarWinds on how to mitigate a potential breach.
–With files from Sean Boynton, Amanda Connolly, The Associated Press and Reuters