The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government — almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.

Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.

The Trump administration said little in public about the hack, which suggested that while the government was worried about Russian intervention in the 2020 election, key agencies working for the administration — and unrelated to the election — were actually the subject of a sophisticated attack that they were unaware of until recent weeks.

The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, a spokesman for the National Security Council, said in a statement. The Department of Homeland Security’s cybersecurity agency, whose leader was fired by President Trump last month for declaring that there had been no widespread election fraud, said in a statement that it had been called in as well.

The Commerce Department acknowledged that one of its agencies had been affected, without naming it. But it appeared to be the National Telecommunications and Information Administration, which helps determine policy for internet-related issues, including setting standards and blocking imports and exports of technology that is considered a national security risk.

It was a measure of the sudden panic sweeping federal offices that the Department of Homeland Security ordered all agencies late Sunday night to shut down any use of a complex piece of network management software made by a company called SolarWinds and installed on networks belonging to government agencies and American corporations.

Unlock more free articles.

Create an account or log in

The order was so urgent that it gave a deadline of noon on Monday for “a completion report” confirming that the software was no longer in use.

But that was clearly too late for intrusions that have been underway for months. The malign code was entered when the hackers broke into the periodic automatic updates of the software, much like when an iPhone is updated overnight. SolarWinds has traced those intrusions back to the springtime. That means the hackers have had free rein for much of the year, though it is not clear how many email and other systems they chose to enter.

FireEye, a computer security firm that first raised the alarm about the Russian campaign after its own systems were pierced, said the so-called supply chain attack — going after outside products that are introduced into computer networks — constituted “top-tier operational tradecraft.”

The motive for the attack on the agency and the Treasury Department remains elusive, two people familiar with the matter said. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.

Nicholas Kristof: A behind-the-scenes look at Nicholas Kristof’s gritty journalism, as he travels around the world.

News of the breach, reported earlier by Reuters, came less than a week after the National Security Agency, which is responsible for breaking into foreign computer networks and defending the most sensitive U.S. national security systems, issued a warning that “Russian state-sponsored actors” were exploiting flaws in a system broadly used in the federal government.

At the time, the N.S.A. refused to give further details of what had prompted the urgent warning. Shortly afterward, FireEye announced that hackers working for a state had stolen some of its prized tools for finding vulnerabilities in its clients’ systems — including the federal government’s. That investigation also pointed toward the S.V.R., one of Russia’s leading intelligence agencies. It is often called Cozy Bear or A.P.T. 29, and it is known as a traditional collector of intelligence.

FireEye’s clients, including the Department of Homeland Security and intelligence agencies, hire the firm to conduct ingenious but benign hacks of their systems using the company’s large database of techniques it has seen around the world. Its “red team” tools — essentially imitating a real hacker — are used to plug security holes in networks. So the hackers who stole FireEye’s tools have added to their arsenal. But it appears that FireEye was hardly their only victim.