A senior member of Donald Trump’s administration has accused Russia of carrying out a massive cyber hack that penetrated top secret US government agencies.
Secretary of State Mike Pompeo described the attack as a “pretty significant effort”.
“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he told the Mark Levin radio show.
It is the first time a member of the administration has pointed the finger at Moscow in public.
President Trump has yet to make any remarks or tweets about what security officials say is a “significant and ongoing” cyber hacking campaign. US media reports have said Russia’s foreign intelligence service, the SVR, is thought to be behind the attack.
The Kremlin has denied any involvement.
Officials in the UK are also scrambling to find out whether any UK government networks have been compromised.
A security source said so far the only known British victims are a small number of organisations not in the public sector.
But it is the early days of the investigation. The hackers used tools that had not been seen before, making the ability of investigators to identify breaches much harder.
Cyber security experts in the United States were the first to raise the alarm about the hacking campaign last week.
Paul Chichester, the director of operations at the UK’s National Cyber Security Centre (NCSC), which is part of the spy agency GCHQ, urged companies to take “immediate steps” to protect their networks.
“This is a complex, global cyber incident, and we are working with international partners to fully understand its scale and any UK impact,” he said in a statement.
A spokeswoman has said there was no threat to the US nuclear weapons stockpile.
“They managed clearly to gain access to a lot of secure areas. They are going to be very hard to get out,” Mr Hultquist told Sky News.
What appear to have been a highly sophisticated team of hackers used various ways to compromise public and private sector computer networks.
One was through a piece of software called Orion made by the technology firm SolarWinds.
Malicious code was inserted into an update for this software, used by thousands of customers. Once the update was installed the hackers had access to a trove of networks, including into the US government and Microsoft.
But just the act of updating the infected software does not mean a system has been compromised.
With such a huge list of potential targets, it appears the hackers carefully selected the companies and government agencies they wanted to exploit.
They could do this by stealing secrets, changing important data or just sitting on systems spying. As things stand, the scale of the damage or potential theft is not yet known.
Donald Trump, the outgoing president, has yet even to make any public mention of the attack even though his successor, Joe Biden, has said dealing with the breach will be a “top priority” for his administration from the moment he takes office.
