The hacking campaign, which used U.S. tech company SolarWinds as a springboard to penetrate federal government networks, was "impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations," the Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on its website.
The CISA said last week that U.S. government agencies and critical infrastructure entities were among those affected, but did not specifically mention state or local bodies.
CISA did not immediately return an email seeking additional detail on the notice.