A group of “highly sophisticated” hackers backed by a foreign government have been monitoring internal email traffic at the US Treasury Department and an agency that decides internet and telecommunications policy, insiders say.
The hack was the subject of a National Security Council meeting at the White House on Saturday, a source told Reuters, which was first to report the hack.
"The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation," National Security Council spokesman John Ullyot said.
The hackers tricked the Microsoft platform's authentication controls, a source said.
There is concern within the US intelligence community that the hackers who also hit the Commerce Department's National Telecommunications and Information Administration used a similar tool to break into other government agencies.
They did not say which other agencies might be in danger.
The hack involves the telecoms authority's office software, Microsoft's Office 365.
Staff emails at the agency were monitored by the hackers for months, sources said.
"This is a nation state," a source said. "We just don't know which one yet."
The full scope of the hack is unclear. The investigation is still in its early stages and involves a range of federal agencies, including the FBI, insiders said.
There is some indication that the email compromise at the telecoms authority was in the summer, although it was only recently discovered, a senior US official said.
The Cybersecurity and Infrastructure Security Agency said it had been "working closely with our agency partners regarding recently discovered activity on government networks.
"CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises," the agency said.
The FBI and US National Security Agency did not immediately respond to a request for comment.
In September, the FBI warned that the Cybersecurity and Infrastructure Security Agency detected hackers linked to the Chinese government trying to compromise US government systems.
In some cases they have been successful using open sources, the agency said.
"CISA has consistently observed Chinese Ministry of State Security-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques and procedures to target US Government agencies,” the FBI said in September.
“In most cases, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits."
Some of the hacking linked to China has been intended to steal vaccine research, the US Department of Justice said in July.
The US authorised the Pfizer vaccine on Friday night and is set to administer the first shots on Monday.
The Department of Justice in September also indicted two people tied to Iran who were accused of hacking dozens of US websites in retaliation for the killing of Iranian general Qassem Suleimani.
Suleimani was killed in a January 3 drone strike in Baghdad.
