- Trump's comments in the form of Twitter posts on Saturday went against comments his secretary of state made less than 24 hours earlier.
- SolarWinds, the company at the center of the attack, has not yet blamed any one country.
President Donald Trump suggested Saturday that China might have been behind a cyberattack affecting multiple U.S. government agencies and companies, despite Secretary of State Mike Pompeo's allegation hours earlier that Russia was likely behind the attack.
The assertion adds confusion to an already complex situation, as cybersecurity workers strive to figure out a hack that came to light less than week ago. At that time Reuters reported, citing people familiar with the matter, that attackers were affiliated with Russia.
"Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of........discussing the possibility that it may be China (it may!)" Trump wrote in a pair of tweets.
A U.S. official confirmed to NBC News on Saturday that White House officials were planning to issue a statement on Friday that would say Russia was responsible for the cyberattack but were told to stand down. The Associated Press reported on the White House's plans earlier on Saturday. Two officials told NBC News that Trump's tweets had caught White House off guard.
"At this time the NSC is focused on investigating the circumstances surrounding this incident, and working with our interagency partners to mitigate the situation," National Security Council spokesperson told NBC News. "There will be an appropriate response to those actors behind this conduct."
Russia has been a sensitive topic for Trump. An investigation led by Robert Mueller found that the Russian government had interfered in the 2016 election that resulted in Trump becoming president. Trump said in 2019 that he had never worked for Russia, after The New York Times reported the Federal Bureau of Investigation had begun looking into whether he had become influenced by the Kremlin.
Shares of management software maker SolarWinds have fallen nearly 40% over the past week, during which it started to become clear how many organizations installed updates to software that had included a vulnerability likely introduced by attackers between March and June. Cisco, Microsoft and VMware are among the companies that have said in recent days that they were impacted.
The Energy Department confirmed Thursday that the attack had reached its business networks. Last weekend the Commerce Department said it had been breached, and NBC News reported that the White House National Security Council said it was investigating a possible breach at the Treasury Department.
Sen. Marco Rubio, a Republican representing Florida, said in a Saturday tweet that it was "increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history."
SolarWinds itself has not assigned blame to a specific country.
"While security professionals and other experts have attributed the attack to an outside nation-state, we have not independently verified the identity of the attacker," the company said in a regulatory filing on Thursday.