The agencies said the widespread breaches appeared to be part of a spying, not a disruption, operation.
United States intelligence agencies have said that Russia was likely behind an enormous hack of government departments and corporations.
The announcement on Tuesday, which came in a rare joint statement from the Federal Bureau of Investigations, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency, rejects claims from President Donald Trump that the widespread hack may have been the work of China.
The statement represented the US government’s first formal assignment of responsibility for the breaches.
It was also the first time intelligence officially referenced a motive in the hacking, which they said appeared to be part of an “intelligence-gathering” and suggesting the evidence so far points to a Russian spying effort rather than an attempt to damage or disrupt government operations.
The agencies said that the actor, “likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks”.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the statement said.
Russia has denied involvement in the hack.
US officials, including Attorney General William Barr and Secretary of State Mike Pompeo, and cybersecurity experts have previously said Russia was to blame.
But Trump, in a series of tweets late last month, sought to downplay the severity of the hack and raised the unsubstantiated idea that China could be responsible.
— Cybersecurity and Infrastructure Security Agency (@CISAgov) January 5, 2021
Departments penetrated in the hack include Defense, State, Homeland Security, Treasury, and Commerce and is considered the worst known cyber-compromise in recent history.
The security company FireEye, which was itself breached, discovered the new round of attacks, many of which were traced to a tainted software update from SolarWinds, which makes widely used network-management programs.
Other attacks have used resellers of Microsoft cloud services, with email being a main target of the hackers.