Embedded malware found in US government networks and elsewhere "across the world" was "pretty clearly" the work of "the Russians," US Secretary of State Mike Pompeo has told conservative US talk show host Mark Levin.

Pompeo, who until Friday's interview had avoided apportioning blame, while mentioning China and North Korea as parallel threats, told Levin "now we can say pretty clearly that it was the Russians that engaged in this activity."

Private companies and governments "across the world as well" had been targeted using third-party software to embed code, said Pompeo, adding: "This was a very significant effort."

Pompeo told Levin the outgoing Trump administration had kept mute as a "wiser course of action" to allow investigations to unfold following the initial alert made last Sunday.

Russia has already denied involvement, with Kremlin spokesman Dmitry Peskov dismissing the allegations.

US president-elect Joe Biden has expressed "great concern" over the hack attack.

18,000 accounts infected

Last Monday, the Texas firm SolarWinds disclosed that up to 18,000 users of its popular Orion network-management software had been unwittingly infected, blaming what it termed an "outside nation-state."

Microsoft President Brad Smith, in a blog post Friday, said roughly 80% of affected customers were located inside the United States, but that affected customers were also located in Britain, Belgium, Canada, Israel, Mexico, Spain and the United Arab Emirates.

Reuters, citing a British security source, said a small number of British organizations were compromised but "not in the public sector."

"The scale is daunting," said James Lewis, vice president of the US Center for Strategic and International Studies, commenting on the disclosures.

"We also don't know what's been left behind. The normal practice is to leave something behind so they can get back in, in the future," said Lewis.

"This will be a long ride," said Dmitri Alperovitch, former chief technical officer of cybersecurity firm CrowdStrike, adding networks would need to be redesigned. "Clean-up is just phase one."

"Complex" intrusions as early as March

The US Cybersecurity and Infrastructure Security Agency (CISA) said intrusions had begun as early as March this year, and the actor behind them had "demonstrated patience, operational security and complex tradecraft."

CISA said the hack had not reached the USA's nuclear arsenal but only "business networks" of the entrusted US Department of Energy, which have since been disconnected.

The US government agencies that were reportedly breached include the Department of Homeland Security, the Treasury Department and the State Department.

Some breaches enabled emails to be monitored, but it was unclear what the hackers were seeking and what they did while infiltrating networks, said Reuters.

