The US energy department is the third agency to confirm that it was hit by Sunburst hack. It is being described as the worst-ever cyber attack on the US government.
The department regulates US nuclear weapons but said the department’s security had not been compromised.
On Thursday, tech giant Microsoft also reported that it had found malicious software in its systems.
Many doubt the Russian government is responsible. Though, it has denied any involvement.
The US commerce and treasury departments are among the other targets of the complex, months-long violation, which was first accepted by officials on Sunday.
Experts, who name the hack Sunburst, say it can take years to understand what is one of the most significant cyberattacks on the US authorities.
President Donald Trump did not comment on the cyber-attacks.
Meanwhile, Joe Biden, the US President-elect has pledged to make cyber-security a “prime priority” of his administration.
“We need to deter and disrupt our enemies from undertaking serious cyber-attacks in the first place,” he said.
“We will do that by, imposing considerable costs on those responsible for such spiteful acts, including in coordination with our partners and allies.”
The Cybersecurity and Infrastructure Agency (Cisa), America’s top cyber agency, gave a sharp warning on Wednesday, saying that tackling the intrusion would be “highly challenging and complex.”
It said “censorious infrastructure” had been damaged, private sector and federal agencies compromised, and that the hack posed a “serious threat.”
The hack started in March 2020, and those responsible had “shown complex tradecraft, operational security and patience,” the Cisa said.
The agency did not reveal what information had been exposed or stolen.
Conveying the attack on the energy department, the US spokeswoman Shaylyn Hynes confirmed it was reacting to a cyber-attack – but said: “the virus has been secluded to business networks only.”
She stated the security at the National Nuclear Security Administration (NNSA) is not affected.