President-elect Joe Biden has called a massive cyber hack of the US government a “great concern” and said it will be a top priority for him from the moment he takes office.
Reports have linked the attack – which has been going on at least since March – to Russia but there has not yet been any official attribution.
Offering a sense of scale of the breach, the departments of defence, state, treasury, homeland security and commerce are among those thought to have been hacked.
It means some of the US government’s most sensitive secrets could have been stolen, while spyware could be lurking on networks and data could be remotely altered or deleted.
Tech giant Microsoft has denied hackers had compromised its systems and insisted there was no evidence they were used to attack any of its customers, including the US government.
The statement from Mr Biden underlined the seriousness of the attack. Incumbent President Donald Trump has yet to comment even though the hacking occurred on his watch.
“We have learned in recent days of what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including US companies and federal government entities,” the president-elect said.
“There’s a lot we don’t yet know, but what we do know is a matter of great concern.
“I want to be clear; my administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office.”
Mr Biden also indicated that his administration would punish those responsible.
“We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” he said.
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”
The Cybersecurity Infrastructure Agency (CISA), which helps to protect the United States from cyber attacks, issued updated information on the hack, which first emerged last week, revealing that the scale is even larger than first feared.
It said that hackers had used other techniques besides corrupting updates of a piece of network management software by a technology company called SolarWinds.
An alert had already been issued about a compromise in the SolarWinds software, which is used by a number of government departments as well as large US corporations.
CISA also gave a sense of the sophistication and skills of the hackers and how difficult it will be to secure compromised networks.
“This APT (advanced persistent threat) actor has demonstrated patience, operational security, and complex tradecraft in these intrusions,” the agency said.
“CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations.”
Cybersecurity officials as well as the FBI and the Office of the Director of National Intelligence are working together to deal with the hack.
Robert O’Brien, the national security adviser, cut short a trip to Europe this week to return to Washington because of the crisis.
Members of congress are due to receive a classified briefing on the breach on Friday.