Secretary of State Mike Pompeo said on Monday that China and North Korea, rather than Russia, present the biggest cyber security threat to the U.S., as the furore over the SolarWinds hack—believed to be directed by Moscow—swelled to include the State Department and other federal agencies.
It was confirmed this weekend that hackers have been snooping on internal communications at the Treasury and Commerce departments for months, having gained access via software updates from the Texas-based SolarWinds company.
SolarWinds supplies services to a large number of government agencies and bodies—though on Monday it declined to provide further details to Newsweek—and the hackers appear to have compromised several others and gained access to as yet unknown amounts of internal communications and information.
Among those caught up in the operation is the State Department. But Pompeo said during a radio interview with Breitbart News on Monday that Pyongyang and Beijing pose the greatest cyber concerns, even as the huge significance of the SolarWinds hack was beginning to crystallize.
"It's an ongoing battle, an ongoing struggle to keep our systems safe," Pompeo said of American responses to cyber intrusions by foreign states and others.
"I can't say much other than it's been a consistent effort of the Russians to try and get into American servers, not only those of government agencies but of businesses," he added. "We see this even more strongly from the Chinese Communist Party, from the North Koreans as well."
"I'm very confident the United States government will keep our classified information out of the hands of these bad actors," Pompeo said.
The Washington Post was the first to report that the State Department had been hacked, alongside the Department of Homeland Security and the National Institutes of Health. They join a list already including the Treasury and Commerce departments.
The list is expected to grow longer as the investigation into the attack continues. SolarWinds' website says the company provides services to the Pentagon and all five branches of the military, the National Security Agency, and the White House, among others.
The company told Newsweek Monday it would not provide any details on which other clients use the Orion program thought to have been hijacked by the hackers, allowing them access at some point between March and June this year.
SolarWinds said it is coordinating with the FBI, the intelligence community, and other law enforcement bodies to investigate. "We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state," the company said.
A subsequent SolarWinds Securities and Exchange Commission filing said 18,000 of the company's customers have been affected by the hack.
The U.S. government has not yet identified Russia as the attacker, but several anonymous sources briefed on the intrusion said Moscow-backed operatives are believed to be responsible. The Russian embassy in Washington, D.C. has dismissed these reports as "unfounded."
