Hackers believed to be working for Russia have been monitoring internal email traffic at the US Treasury and Commerce departments, Reuters reported earlier this week, citing people who said they feared the hacks uncovered so far may be the tip of the iceberg.
"This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," said a joint statement issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI).
Technology company SolarWinds Corp, which was the key stepping-stone used by the hackers, said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.
"Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign," the joint statement said.
"The FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors," the statement said.
The FBI, CISA and ODNI have formed a Cyber Unified Coordination Group to coordinate the US government's response, it said.
White House national security adviser Robert O'Brien cut short a European trip on Tuesday and returned to Washington to deal with the attack.