Multiple US federal bodies have been targeted by a "months-long" and "highly-sophisticated" cyberattack.
The hack, which affected Treasury and Commercial departments, as well as businesses, is believed to have begun in spring 2020.
It was discovered by Californian cybersecurity company FireEye, which was also targeted in the attack.
"We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain," said FireEye in a statement.
According to IT experts, malware entered systems through an update of software produced by US firm SolarWinds, which is used by thousands of organisations.
FireEye added that the attack was "state-sponsored", though the company did not specify by which nation it was referring to.
A US official who spoke on condition of anonymity told The Associated Press that Russian hackers were suspected of being behind the hack.
On Monday, Kremlin spokesman Dmitry Peskov rejected the accusations.
Cyber Security Expert founder Robert Pritchard told Euronews that the attack was likely part of an "espionage campaign", and demonstrates that even the most widely-used software cannot be trusted completely.
Find out more on this story in the above video player.