The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.

The officials said that the Cybersecurity and Infrastructure Security Agency, which has been helping to manage the federal response to the broad hacking campaign, indicated to FERC this week that CISA was overwhelmed and might not be able to allocate the necessary resources to respond. DOE will therefore be allocating extra resources to FERC to help investigate the hack, even though FERC is a semi-autonomous agency, the officials said.

Several top officials from CISA, including its former director Christopher Krebs, have either been pushed out by the Trump administration or resigned in recent weeks.

Federal investigators have been combing through networks in recent days to determine what hackers had been able to access and/or steal, and officials at DOE still don’t know whether the attackers were able to access anything, the people said, noting that the investigation is ongoing and they may not know the full extent of the damage “for weeks.”

Shaylyn Hynes, a DOE spokesperson, said that an ongoing investigation into the hack has found that the perpetrators did not get into critical defense systems.

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Hynes said in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”