Russian government hackers are behind the breach at the US Treasury and Commerce departments, says a report.
The hackers have been able to monitor email traffic within the departments for months, and it is not known how many other federal agencies they may have compromised.
Now the FBI is investigating the campaign by the hacking group working for the Russian foreign intelligence service, SVR, according to the Washington Post.
The hackers, who are known as Cozy Bear or APT29, are reportedly the same group that hacked the White House and State Department under the Obama administration.
APT 29 has also reportedly tried to steal research into the Covid vaccine.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.
The hack is seen as so significant that a National Security Council meeting was held at the White House on Saturday over it, according to Reuters.
US intelligence chiefs are reportedly concerned that the hackers who broke into the Treasury department and the Commerce Department’s National Telecommunications and Information Administration, may have also broken into other government agencies.
“This is a much bigger story than one single agency,” one official told Reuters. “This is a huge cyber espionage campaign targeting the US government and its interests.”
The news comes just weeks after Donald Trump fired the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Christopher Krebs.
Mr Krebs had rebutted many of Mr Trump’s false claims about election fraud and hacking of the voting system.
The hackers reportedly broke into the NTIA’s email system, which uses Microsoft’s Office 365, and had been reading staff emails for months.
Microsoft has not commented.
“This is a nation state. We just don’t know which one yet,” said a person briefed with the hack.
The FBI, Homeland Security Department’s cybersecurity division and U.S. National Security Agency have yet to comment.
Reuters contributed to this report