The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other U.S. government agencies, according to people familiar with the matter.

The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The breaches have been taking place for months and may amount to an operation as long-running and significant as one that occurred in 2014-2015.

The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.

All of the organizations were breached through a network management system called Solar Winds, according to three people familiar with the matter, who spoke on condition of anonymity because of the issue’s sensitivity. Solar Winds could not immediately be reached for comment….

Reuters first reported the hacks of the Treasury and Commerce agencies Sunday, saying they were carried out by a foreign government-backed group. The SVR link to the broader campaign is previously unreported.

The matter was so serious it prompted an emergency National Security Council meeting on Saturday, Reuters reported.

More….