The US has issued an emergency order after revealing that its treasury and commerce departments had been hacked.
All federal civilian agencies have been told to disconnect from SolarWinds, a computer network tool that is being exploited by “malicious actors”.
The US has not publicly identified who is behind the attack.
The incident comes less than a week after cyber security firm FireEye disclosed that its hacking tools had been stolen in a breach.
In its order, the US Cybersecurity and Infrastructure Security Agency (Cisa) said the current hack had a high potential to compromise government systems.
Tech firm SolarWinds, which designed the tool, said on Twitter that users of its Orion platform should upgrade immediately to address a “security vulnerability”.
FireEye revealed in a blog post it had identified “a global campaign” from earlier this year to compromise the computer networks of private and public organisations by inserting malicious code into software updates.
The firm said this included updates to SolarWinds Orion, which give attackers remote access to the victims’ environment.
It added that the campaign demonstrated “top-tier operations tradecraft and resources” consistent with state-sponsored attackers.
Three people familiar with investigations into the most recent attack told Reuters news agency that Russia is believed to be behind the hack.