WASHINGTON — The U.S. intelligence community stated Tuesday that Russia is “likely” behind a major and ongoing series of cyberhacks of federal government agencies and private companies – its first official indication of blame.

The statement, issued jointly by four agencies in a special task force, counters President Trump’s baseless suggestion last month that the intrusions might have been the work of Chinese hackers.

Secretary of State Mike Pompeo had said the breaches were “clearly” Russian in origin, and U.S. officials have for weeks said privately that Moscow’s foreign intelligence service carried them out.

The breaches were so alarming that they had government and private-sector personnel working through the holidays to identify and mitigate breaches, the task force said, describing them as “ongoing cyber compromises.” That sense of urgency stands in contrast to Trump’s effort last month to downplay the significance of the breaches when he said “everything is well under control.”

“It’s unfortunate that it has taken over three weeks after the revelation of an intrusion this significant for this administration to finally issue a tentative attribution,” said Sen. Mark Warner, D-Va., the ranking member on the Senate Intelligence Committee. “We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response.”

Russia has denied involvement.

The statement also said fewer than 10 federal entities had their networks breached, though that list includes major agencies such as the Departments of State, Treasury, Homeland Security, Energy and Commerce.

People familiar with the matter, speaking on the condition of anonymity because the investigation is ongoing, have told The Washington Post that as many as 250 government and private-sector entities have been compromised, though investigators are working to ascertain the scope of the hacks and to notify nongovernment entities affected.

Shortly after the intrusions were discovered last month, the National Security Council stood up a task force known as the Cyber Unified Coordination Group to coordinate the investigation and remediation of the incident.

The task force is made up of the FBI, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence, with support from the National Security Agency.

“We believe this was, and continues to be, an intelligence-gathering effort,” the task force said. That’s an indication that officials have not found evidence of intent to cause the disruption or destruction of networks, or use hacked material for an operation aimed at sowing discord in the United States, as Russia did in 2016.

Rather, the statement indicated, the operation was more in line with traditional espionage, stealing material that might prove useful to the Kremlin. That might include information on U.S. policy decisions, potential sanctions, or data on how the government or industries protect their networks.

“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the statement said.

It is unclear whether the Trump administration will do more than publicly call out Moscow for the hacks. In past cases involving cyberespionage, the U.S. has refrained from doing so on the ground that the offending spy agency was doing what all nations with such capabilities, including the United States, do – spy on each other’s networks.

But that does not mean the government cannot take actions. The United States and Russia have expelled spies or diplomats in response to espionage operations.

“We need to be able to respond to these incidents so they don’t go unchallenged,” said Christopher Painter, the top cyberdiplomat in the Obama administration. “When we don’t do that, we just invite further action. We don’t want to be escalatory, so want to figure out what the right action is.”

Copy the Story Link