Washington CNN  — 

Outgoing Attorney General William Barr on Monday said it “certainly appears” Russia is behind a massive cyberattack on US federal government agencies, an accusation that is in contrast with President Donald Trump, who has avoided condemning Moscow for the incident.

“I agree with Secretary Pompeo’s assessment. It certainly appears to be the Russians, but I’m not going to discuss it beyond that,” Barr said at a news conference, referring to Secretary of State Mike Pompeo’s comments last week that “we can say pretty clearly that it was the Russians that engaged in this activity.”

It’s the latest notable break by Barr from Trump’s political agenda. At the same news conference, he said there was no need to appoint a special counsel to investigate President-elect Joe Biden’s son Hunter, and the attorney general has disputed Trump’s false claims of widespread voter fraud.

Barr’s comments also underline Trump’s extraordinary willingness to dispute top officials in his own administration who have pointed to Russia as a suspect when condemning nefarious activity.

In his first public comments on the cyberattack over the weekend, Trump suggested that “it may be China” that’s responsible, even though White House officials had drafted a statement assigning blame to Russia for the attack and were preparing to release it Friday afternoon before being told to stand down, people familiar with the plans have told CNN. Officials initially weren’t told why the statement was pulled back.

The statement, the people said, placed blame on Russia for orchestrating the attack but left open the possibility that other actors were involved.

Officials in the Trump administration have said the cyberattack “poses a grave risk” to networks across both the public and private sector. At least half a dozen federal agencies – including the Department of Homeland Security’s cyber arm and the Departments of Agriculture, Commerce, Energy and State – were known to have been targeted in the attack, which impacted a third-party software’s vendor system.

Investigators are still trying to determine what, if any, government data may have been accessed or stolen in the hack.

Kevin Mandia, the CEO of FireEye, the cybersecurity firm that discovered the breach, said on CBS’s “Face the Nation” Sunday that the sophistication of the SolarWinds operation meant there was “definitively a nation behind this,” adding that US investigators were working to attribute the hack with 100% certainty.

Mandia said the hackers conducted a “dry run” in October 2019 to change code in the SolarWinds Orion platform, but it was innocuous. Then, in March, the attackers put in the malicious code into the supply chain.

“It was a backdoor into the American supply chain that separates this from thousands of other cases that we’ve worked throughout our careers,” he said.

Mandia said while 18,000 companies had the malicious code in their network, there are about 50 organizations or companies that were impacted by the threat.

Trump’s reluctance to blame Russia for the hack recalls several notable incidents during his presidency in which he responded similarly. Most notably, he took the word of Vladimir Putin over the findings of US intelligence agencies in 2018 when he publicly accepted the Russian President’s denial of interfering in the 2016 US presidential election.

Trump has also declined to press Putin over US intelligence that alleged Russia offered bounties to Taliban fighters to kill US troops in Afghanistan, at one point referring to it as an “issue that many people said was fake news.”

This story has been updated with additional background information.

CNN’s Jeremy Herb, Veronica Stracqualursi, Kevin Liptak, Jennifer Hansler, Allie Malloy, Devan Cole, Christina Carrega and Jeremy Diamond contributed to this report.