But on Monday there was no public declaration attributing the hacking to Russia, perhaps reflecting Mr. Trump’s reluctance to confront Moscow over the issue and the doubts he has expressed about the seriousness of the attack.
The meeting, according to one senior administration official, was intended to “take stock of the intelligence, the investigation and the actions being taken to remediate” the attack. Absent from that description was any preparation for imposing a cost on the attacker. Mr. Trump did not attend the meeting.
Both President-elect Joseph R. Biden Jr. and his incoming chief of staff, Ron Klain, have said in recent days that the response once Mr. Biden was in office would go beyond sanctions to disabling the attacker’s abilities. But he will probably find the government’s response options are limited because of fear of escalation.
The list of attendees at the meeting was notable because it provided some indication of which parts of the government might have been affected. White House officials said Treasury Secretary Steven Mnuchin, Commerce Secretary Wilbur Ross, the acting homeland security secretary Chad F. Wolf and Energy Secretary Dan Brouillette were present. All of those agencies were previously identified by news organizations as targets of the hacking.
John Ratcliffe, the director of national intelligence, participated in the meeting; so did Gina Haspel, the C.I.A. director, and Gen. Paul M. Nakasone, the director of the National Security Agency and the commander of the United States Cyber Command. Secretary of State Mike Pompeo, who was the first high-ranking administration official to acknowledge that Russia was the most likely source of the attack before he was undercut by Mr. Trump, did not attend. His deputy, Stephen E. Biegun, stood in for him.
General Nakasone, an experienced cyberwarrior who is responsible for the defense of national security systems, has been silent since the hacking was revealed. At the N.S.A. and Cyber Command, officials said, there was extraordinary embarrassment that a private company, FireEye, had been the first to alert the government that it had been hacked.
According to the details released by Mr. Wyden, once the Russian hackers used the SolarWinds software update to get inside Treasury’s systems, they performed a complex step inside Microsoft’s Office 365 system to create an encrypted “token” that identifies a computer to the larger network.