The Obama administration hit Russia with sanctions Thursday and expelled 35 Russian intelligence agents over suspected cyberattacks aimed at influencing the U.S. presidential election, a move that highlighted another rift between President Obama and President-elect Donald Trump, who urged the administration to move on from the episode.
The series of retaliatory measures against Moscow marked the first time that the U.S. has named individual Russians involved in cyberattacks. The administration calls the punishment a proportional response to a hacking operation that U.S. officials said was an effort to defeat Democratic presidential nominee Hillary Clinton.
“All Americans should be alarmed by Russia’s actions,” Mr. Obama said in a statement. “These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year. Such activities have consequences.”
The government also released a report with some declassified details of the Russian hacking operations, which the U.S. government is calling “Grizzly Steppe.”
Mr. Trump, in a statement late Thursday, said that “it’s time for our country to move on to bigger and better things.”
“Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation,” he said.
The president’s executive order sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; and four individual officers of the GRU. In addition, the Treasury designated two Russians for using cyber-enabled means to cause misappropriation of funds and personal identifying information.
The State Department is also shutting down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence gathering, and has declared the 35 Russian intelligence operatives “persona non grata.” The personnel and their families, from the Russian Embassy in Washington and the Russian Consulate in San Francisco, were given 72 hours to leave the U.S.
A spokesman for Russian President Vladimir Putin said the Kremlin regrets the U.S. actions and will consider retaliatory measures.
“You realize, of course, reciprocal steps will be made and the U.S. Embassy in Moscow and, quite possibly, the consulates will be cut down to size as well,” Vladimir Dzhabarov, deputy chairman of the foreign policy committee in the Russian Duma, told the Tass news agency after the sanctions were announced.
The Russian Embassy in London posted a photo on Twitter of a duckling with the word “lame” on it, a reference to Mr. Obama. The tweet also called his actions “Cold War deja vu.”
“Everybody, incl [American] people, will be glad to see the last of this hapless Adm.,” the tweet said.
A Russian Foreign Ministry spokeswoman said any action against Russian diplomatic missions in the U.S. “will immediately bounce back on U.S. diplomats in Russia.”
Mr. Obama has vowed to carry out other covert retaliatory cybermeasures against Russia, but he said those actions may never be revealed publicly.
U.S. officials told the Reuters news agency that the administration will avoid any moves, such as interfering with Russian internet messaging, that exceed Russia’s involvement in the U.S. election and risk an escalating cyberconflict that could spiral out of control.
The president said Thursday that his administration “will continue to take a variety of actions at a time and place of our choosing.”
Aside from the diplomatic expulsions and public “naming and shaming,” the action will allow the Treasury to freeze assets of individuals accused in the operation.
House Speaker Paul D. Ryan, Wisconsin Republican, said he supports the sanctions and called them overdue.
“Russia does not share America’s interests,” Mr. Ryan said. “It has consistently sought to undermine them, sowing dangerous instability around the world. While today’s action by the administration is overdue, it is an appropriate way to end eight years of failed policy with Russia.”
Sen. Ben Sasse, Nebraska Republican, called the sanctions “too little, too late.”
“These meager steps will not decisively change Putin’s calculation that his aggressions are worth the risk,” Mr. Sasse said.
Indeed, Mr. Obama famously ridiculed Republican challenger Mitt Romney’s notion that Russia was a major threat during one of the 2012 presidential debates with the punch line, “The 1980s are now calling to ask for their foreign policy back. Because the Cold War has been over for 20 years.”
Imposing the sanctions was also an attempt to box in Mr. Trump. He will need to decide whether to lift the penalties after he is inaugurated Jan. 20, with lawmakers in both parties supporting the sanctions and liberals increasingly deriding Mr. Trump as a Russian puppet.
Mr. Trump has rejected U.S. intelligence assessments that Russia was responsible for the theft of Democratic officials’ campaign emails and other documents, which were publicized online by WikiLeaks.
Sen. Charles E. Schumer, New York Democrat and incoming minority leader, said he hopes the Trump administration, “which has been far too close to Russia throughout the campaign and transition, won’t think for one second about weakening these new sanctions or our existing regime.”
“Both parties ought to be united in standing up to Russian interference in our elections, to their cyberattacks, their illegal annexation of Crimea and other extralegal interventions,” Mr. Schumer said. “I strongly support the steps the administration is taking to fight back against Russia’s interference in our election. We need to punch back against Russia and punch back hard.”
Russian Foreign Ministry special envoy Andrey Krutskikh said Moscow hopes Mr. Trump will lift any sanctions that Mr. Obama imposes.
A senior administration official said Mr. Trump could reverse some of the actions but warned against such a move.
“These are executive actions, so if a future president decided that he wanted to allow in a large tranche of Russian intelligence agents, presumably a future president could invite that action,” the official said on a conference call with reporters.
“We think it would be inadvisable. The officials who were sanctioned were participating in malicious cyberattacks on U.S. critical infrastructure and interfering [with] our democratic process. Hypothetically, you could reverse those sanctions, but it wouldn’t make a lot of sense,” the official said.
Trump transition spokesman Sean Spicer, asked about the sanctions, told reporters that “a lot of folks on the left that continue to undermine the legitimacy of his win — that’s unfortunate,” but “if the U.S. has clear proof of anybody interfering in our elections, we should make that known.”
CIA officials said anonymously this month that they had “high confidence” that Russian hackers tried to sway the election in Mr. Trump’s favor. The administration up until Thursday hadn’t provided documentation to support its October assessment of Moscow’s interference.
The White House said Thursday that the Russian GRU “is involved in external collection using human intelligence officers and a variety of technical tools, and is designated for tampering, altering, or causing a misappropriation of information with the purpose or effect of interfering with the 2016 U.S. election processes.”
The administration also released some declassified technical information on Russian civilian and military intelligence services’ malicious cyberactivity, to better help network security officials “identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.”
The report from the FBI and Department of Homeland Security said the Russian cyberoperations included spear-phishing campaigns targeting political organizations, think tanks, government agencies, universities and corporations.
Using dozens of names such as Energetic Bear, EVILTOSS and SOURFACE, Russian actors sent emails containing a malicious link to more than 1,000 recipients in the summer of 2015, the report said.
The first group, known as Advanced Persistent Threat 29, entered the Democratic Party’s systems in summer 2015, and the second, known as APT28, entered this spring.
“In the course of that campaign, APT29 successfully compromised a U.S. political party,” the report said. “At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.”
This spring, the government said, APT28 compromised the same political party, again via spear-phishing.
“This time, the spear-phishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure,” the report said. “Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. government assesses that information was leaked to the press and publicly disclosed.”
• David Sherfinski contributed to this article, which is based in part on wire service reports.