Secretary of State Mike Pompeo has blamed Russia for a, saying "it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."
He said "there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well."
Pompeo made the remarks Friday on the conservative talk show "The Mark Levin Show." He said "we're still unpacking precisely what it is, and I'm sure some of it will remain classified."
However, President Trump contradicted Pompeo, writing on Twitter that China "may" have been responsible for the attack.
"The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of...discussing the possibility that it may be China (it may!)," Mr. Trump wrote in two tweets, tagging Pompeo and Director of National Intelligence John Ratcliffe.
However, Senator Marco Rubio, the acting chair of the Senate Intelligence Committee, wrote on Twitter that he agreed with Pompeo.
"Increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history The process of determining its extent & assessing the damage is underway Remediation will take time & significant resources Our response must be proportional but significant," Rubio said.
It may take months before the U.S. and other nations and some businesses can determine the extent of the damage done by the brazen attack, which went undetected for months. Sources told CBS News it is believed to be the largest cyber espionage campaign in U.S. history, and it's not over.
"This was really an attack of massive scale," Microsoft's president Brad Smith told CBS News senior investigative correspondent Catherine Herridge.
The Kremlin has denied any involvement.
Smith said the attack spans at least eight countries, with 80% of the targets in the U.S., including many of the company's clients. Targets included the State, Energy, Treasury and Homeland Security departments.
"This attack is still taking place. The industry is scrambling, people in government are scrambling to get it under control, but it's not under control yet," he said.
Among the concerns: that the breach at the Treasury Department may have exposed taxpayer information.
"The impact is extraordinary," said former FBI operative Eric O'Neill. "Any information of yours ... may have been compromised by very sophisticated attackers."
Officials say the tactics are similar to other large-scale attacks blamed on Russia. But investigators can't rule out other foreign adversaries.
Smith said, "We should assume that the number of victims is going to increase."
"This is a bit like a natural disaster," he said.
Sources say the hackers may have roamed free in unclassified systems and impersonated high-level officials to gain access to classified information.
The hackers made their move at least as early as March and remained undetected until last week.
President-elect Joe Biden, who takes office in just over a month, said in a statement this week the intrusions were "a matter of great concern" and pledged to impose "substantial costs on those responsible for such malicious attacks."