The extent of the damage was unclear. The department said that 3% of its Microsoft Office 365 email accounts were potentially affected, but did not say to whom those accounts belonged. There are no indications that classified systems were affected, the agency said.
The department said it detected on Dec. 24 “previously unknown malicious activity” linked to the broader intrusions of federal agencies revealed earlier that month, according to a statement from spokesman Marc Raimondi.
The statement came one day after federal law enforcement and intelligence agencies formally implicated Russia in the intrusions, which officials said were part of a suspected intelligence-gathering operation. President Donald Trump had previously raised without evidence the idea that China could be to blame.
The hacking campaign was extraordinary in scale, with the intruders having stalked through government agencies, defense contractors and telecommunications companies for months by the time the breach was discovered. Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, though the scope of the breaches and exactly what information was sought are unknown.
An estimated 18,000 organizations were affected by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds. Of those customers, though, “a much smaller number has been compromised by follow-on activity on their systems,” the statement said, noting that fewer than 10 federal government agencies have so far been identified as falling into that category.