But as his administration winds down, Secretary of State Mike Pompeo is publicly blaming Moscow for a massive cyberattack that has affected several government agencies, including the most sensitive ones that oversee the nuclear weapons stockpile and COVID-19 vaccine research.
Less than 24 hours later, Trump contradicted that with his first comments on the SolarWinds hack, tweeting that it was exaggerated by the media and that China could be responsible.
It fits a familiar pattern of the last four years -- senior Trump officials trying to be tough on Moscow, while Trump downplays the threat. Amid the ongoing hack, Pompeo is also closing the last two U.S. consulates in Russia, citing the caps on American personnel that Moscow has forced on the U.S. mission in recent years.
Once welcomed by Trump, those caps, which have hamstrung U.S. diplomats, were Russian retaliation against U.S. sanctions for its aggression online, in neighboring Ukraine, and with chemical weapons.
"This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Pompeo told conservative radio host Mark Levin late Friday, hours before Trump's tweet.
But Pompeo also indicated that the administration is not planning to take any action against Vladimir Putin's government, at least not publicly: "There are many things that you'd very much love to say, 'Boy, I'm going to call that out,' but a wiser course of action to protect the American people is to calmly go about your business and defend freedom."
The SolarWinds hack is a "significant and ongoing cybersecurity campaign," according to the FBI, the Department of Homeland Security and the Office of the Director of National Intelligence. The intrusion involves software from SolarWinds, which makes IT management tools, that had been "Trojanized" with a vulnerability that could be exploited by hackers to steal information, manipulate systems or plant trap doors and other exploits for future use.
Russia has denied responsibility for the hack. So far, the Departments of State, Homeland Security, Commerce, and Energy, as well as the National Institutes of Health all have reportedly been affected.
"The magnitude of this ongoing attack is hard to overstate," Trump's former homeland security adviser Thomas Bossert wrote this week. "If it is Russia, President Trump must make it clear to Vladimir Putin that these actions are unacceptable. The U.S. military and intelligence community must be placed on increased alert; all elements of national power must be placed on the table."
After days of silence, Trump claimed on Saturday that the media is exaggerating the security breach's impact. He said he has "been fully briefed and everything is well under control."
He went on to tweet that China may be behind the attack instead of Russia and claimed that there "could also have been a hit on our ridiculous voting machines during the election."
While no public response seems to be coming soon, the U.S. is being forced to take another step that will cut into relations with Russia -- closing its last two consulates in the country.
A State Department spokesperson confirmed to ABC News Friday that Pompeo, in consultation with U.S. ambassador to Russia, John Sullivan, decided to permanently close the U.S. consulate in Vladivostok and temporarily close the one in Yekaterinburg.
This leaves just the U.S. embassy in Moscow as the only U.S. mission in the country. Russia forced the U.S. to close its consulate in St. Petersburg in 2018 in retaliation for the U.S. shuttering its facility in Seattle because of the poisoning of former spy Sergei Skripal and his daughter Yulia in the United Kingdom.
The U.S. facility in Vladivostok, Russia's major Pacific port near the border with North Korea, had been closed since March because of COVID-19 when most of its staff evacuated. The consulate in Yekaterinburg, Russia's fourth-largest city, was the only U.S. mission for the center of Russia.
The spokesperson said in a statement that the decision was "part of our ongoing efforts to ensure the safe and secure operation of the U.S. diplomatic mission in the Russian Federation" and "was taken to optimize the work of the U.S. mission."
But in a private notice to Congress, sent last week and first obtained by The Associated Press Friday evening, the department said it was a "response to the ongoing staffing challenges of the U.S. Mission in Russia in the wake of the 2017-imposed personnel cap on the U.S. Mission and resultant impasse with Russia over diplomatic visas."
Russia imposed caps on the U.S. presence in 2017 in retaliation to sanctions placed by the Obama administration over the 2016 election interference --- a move that has hamstrung U.S. diplomats, but which President Trump said he was "very thankful" for though the White House later said he was being "sarcastic." That low point in U.S.-Russian relations is rivaled by the current one, with Russia believed to be responsible for the massive SolarWinds hack, which has also affected the private sector. Pompeo is the first U.S. official to go on the record and blame the Russian government, after U.S. officials told ABC News and other outlets that Moscow was likely responsible.
"We're still unpacking precisely what it is, and I'm sure some of it will remain classified. But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well," Pompeo also told Levin.
But the U.S. doesn't expect to take action against Russia's remaining diplomatic facilities here, the State Department spokesperson said. Russia still has consulates in Houston and New York, as well as its Washington embassy.
ABC News' Elizabeth Thomas, Luke Barr and Jack Date contributed to this report.