“I can’t say much more as we are still unpacking exactly what it is, and I’m sure some of it will remain secret,” he added.
At least half a dozen federal agencies are now known to be targeted, including the Cyber Division of the Department of Homeland Security and the Departments of Agriculture, Commerce, Energy and State. Researchers are still trying to determine what government data may have been accessed or stolen during the hack.
“Suffice it to say that a significant effort has been made to use a piece of third-party software to essentially embed code into US government systems and it now also appears to be systems of private companies and companies and governments around the world” , Pompeo said. .
The White House said Friday that Trump is being briefed and is “working very hard” to address the hack.
When asked about Trump’s silence on the matter, Pompeo noted that work was going on behind the scenes.
“There are many things you would really like to say, ‘Boy, I’m just going to call that,’ but a wiser way to protect the American people is to proceed calmly and defend freedom,” he said .
The Russian Embassy in Washington has denied involvement in the hack.
But Moscow has been linked to several recent breaches, including the hacking of Democratic officials during the 2016 US presidential election.
CNN previously reported that a Russian-affiliated group known as APT29 was behind the attack on FireEye.
That same evening, FireEye identified the source of its own intrusion as malware hidden in its software updates published by software vendor SolarWinds, which is used by a number of federal civil network management agencies.
As many as 18,000 SolarWinds customers, including US government agencies and Fortune 500 companies, had received the updates with the malware.
CNN’s Zachary Cohen, Brian Fung, Kaitlan Collins, Alex Marquardt and Jason Hoffman contributed to this report.