President Donald Trump on Saturday said a cyberattack that impacted the U.S. Department of Treasury and Commerce Department's National Telecommunications and Informations Administration (NTIA) could actually be broader in scope and include voting machines.
He also claimed that Russia or China could be behind the cyber attack.
"The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)," Trump tweeted. "There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA."
The president concluded his tweet by tagging the Director of National intelligence, Daniel Ratcliffe, and Secretary of State Mike Pompeo.
The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of....
— Donald J. Trump (@realDonaldTrump) December 19, 2020
....discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo
— Donald J. Trump (@realDonaldTrump) December 19, 2020
On Friday night, Pompeo told conservative radio host Mark Levin the Russians are likely the culprits behind the cyberattack.
"This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Pompeo said, according to CNN. "I can't say much more as we're still unpacking precisely what it is, and I'm sure some of it will remain classified."
According to a spokesman from the National Security Council earlier this week, hackers from a foreign government have monitored email traffic at the Department of the Treasury and NTIA. There were concerns that other government agencies were impacted and breached since it reportedly involved the use of Microsoft Office 365. Hackers allegedly tricked Microsoft's authentication protocols. Since then it has been reported that software management maker SolarWinds was likely infiltrated. Cisco, Microsoft and VMware have all said their software was impacted, CNBC reported.
Cybersecurity and Infrastructure Security Agency (CISA) said it could "take weeks, if not months" to dig deeper into the attack and "determine the total number of agencies affected by the attack and the extent to which sensitive data and information may have been compromised."
So far we know the Federal Energy Regulatory Commission, national laboratories in Sandia and Los Alamos, New Mexico and Washington, the National Nuclear Security Administration, and the Department of Energy's Richmond, Virginia field office all had potential hacking activity as well, POLITICO reported.
"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration," Department of Energy Spokeswoman Shaylyn Hynes said in a statement. "When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
Government officials believe the group known as Advanced Persistent Threat 29 (APT29) – commonly referred to as "Cozy Bear" – was responsible for the attack. The group are Russian hackers that are associated with the Kremlin, Yahoo! News reported.