US intelligence agencies have said they believe Russia was behind the “serious” cyber compromise revealed in December.
President Trump had previously suggested China might have been behind the hack, although other members of his administration had pointed the finger at Moscow.
In a joint statement, the intelligence bodies say they currently believe fewer than 10 US government agencies saw their data compromised, although other organisations outside of government were also affected.
They say work is still going on to understand the scope of the incident, which appears to have been aimed at gathering intelligence and which they say is “ongoing” a month after details first emerged.
The update on the investigation came in a statement from a task force called the Cyber Unified Coordination Group which was set up to deal with the incident. It comprises intelligence and law enforcement agencies including the FBI and NSA.
The group said it was still working to understand the scope of what had taken place.
Soon after the incident was revealed, President Trump raised the possibility that China might be responsible, but members of his own administration including the secretary of state and attorney general pointed the finger at Moscow.
The latest statement shows the assessment of US intelligence agencies is that Russia was behind it, although it does not go so far as accusing the Russian state itself, saying only that the actor was “likely Russian in origin”. Moscow has denied playing any part.
President-elect Joe Biden has previously said it was important to take “meaningful steps” to hold those responsible to account. It is not yet clear, though, what that might involve. While some US politicians suggested the breach might even be compared to an “act of war”, most cyber-experts disputed this and the US intelligence community has now played down suggestions that it could have had destructive impact.
“At this time, we believe this was, and continues to be, an intelligence-gathering effort,” the latest statement says. This is significant since it suggests no evidence has been found that this was preparatory activity for a more destructive cyber-attack which might switch off systems. This may limit the US response since espionage operations do not breach the cyber norms the US itself promotes (largely because it too carries out such intelligence-gathering operations against other nations