The US Department of Energy, with responsibility for managing nuclear weapons, has emerged as a victim of a major suspected Russian hacking campaign.
A spokeswoman confirmed that the department was responding to a cyber breach but said that the security of the nuclear weapons had not been affected.
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department,” Shaylyn Hynes said in a statement.
The security functions at the National Nuclear Security Administration, or NNSA, which is a branch of the department that manages the country’s nuclear weapons arsenal, were not impacted, she said.
The US government is scrambling to understand the scale of a cyber hack that security officials have described as “significant and ongoing”.
Computer systems at the Treasury and Commerce departments have been affected.
It is thought that the departments of defence, state and homeland security have also been compromised.
This means some of the United States’ most sensitive secrets could have been stolen, while spyware could be lurking on networks and data could be remotely altered or deleted.
Reports have linked the attack – which has been going on at least since March – to Russia but there has not yet been any official attribution.
Senator Deb Fischer, who chairs the subcommittee that oversees nuclear forces, said she was “troubled” that hackers accessed NNSA’s network.
She said the hack “reinforces the need to modernise our nuclear enterprise in order to ensure it remains safe, secure, and effective in the face of evolving threats”.
President-elect Joe Biden has said the cyber attack on the US government is of “great concern” and said it will be a top priority for him from the moment he takes office.
Incumbent President Donald Trump has yet to comment even though the hacking occurred on his watch.
“We have learned in recent days of what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including US companies and federal government entities,” the president-elect said.
“There’s a lot we don’t yet know, but what we do know is a matter of great concern.
“I want to be clear; my administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office.”
Mr Biden also indicated that his administration would punish those responsible.
“We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” he said.
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”
Subscribe to the Daily podcast on Apple Podcasts, Google Podcasts, Spotify, Spreaker
The Cybersecurity Infrastructure Agency (CISA), which helps to protect the United States from cyber attacks, issued updated information on the hack, which first emerged last week, revealing that the scale is even larger than first feared.
It said that hackers had used other techniques besides corrupting updates of a piece of network management software by a technology company called SolarWinds.
An alert had already been issued about a compromise in the SolarWinds software, which is used by a number of government departments as well as large US corporations.
CISA also gave a sense of the sophistication and skills of the hackers and how difficult it will be to secure compromised networks.
“This APT (advanced persistent threat) actor has demonstrated patience, operational security, and complex tradecraft in these intrusions,” the agency said.
“CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations.”
Cybersecurity officials as well as the FBI and the Office of the Director of National Intelligence are working together to deal with the hack.
Robert O’Brien, the national security adviser, cut short a trip to Europe this week to return to Washington because of the crisis.
Members of congress are due to receive a classified briefing on the breach on Friday.