“I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified,” he added.
At least half a dozen federal agencies are now known to have been targeted, including the Department of Homeland Security’s cyber arm and the Departments of Agriculture, Commerce, Energy and State. Investigators are still trying to determine what, if any, government data may have been accessed or stolen in the hack.
“Suffice it to say, there was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems and it now appears systems of private companies and companies and governments across the world as well,” Pompeo said.
The White House said Friday that Trump is being briefed and “working very hard” in dealing with the hack.
Asked about Trump’s silence on the matter, Pompeo noted there was work going on behind the scenes.
“There are many things that you’d very much love to say, ‘Boy, I’m going to call that out,’ but a wiser course of action to protect the American people is to calmly go about your business and defend freedom,” he said.
The Russian embassy in Washington has denied involvement in the hack.
But Moscow has been linked to several recent breaches, including the 2016 hacking of Democratic officials during the US presidential election.
CNN previously reported that a Russian-affiliated group known as APT29 was behind the attack on FireEye.
That same evening, FireEye identified the source of its own intrusion as malware hidden in its software updates published by the software vendor SolarWinds, which is used by a number of federal civilian agencies for network management.
As many as 18,000 SolarWinds customers, including US government agencies and Fortune 500 companies, had been sent the updates containing the malware.
CNN’s Zachary Cohen, Brian Fung, Kaitlan Collins, Alex Marquardt and Jason Hoffman contributed to this report.