The office and the FBI, the National Security Agency, and Cybersecurity and Infrastructure Security Agency inside the Department of Homeland Security, in a joint statement, said the hackers' goal appeared to be collecting intelligence, rather than any destructive acts.
The agencies said that the actor, "likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks." The investigation is continuing, they said, and could turn up additional government victims.
It was the first formal statement of attribution by the Trump administration.
Elected officials briefed on the inquiry had previously said Russia was behind the hacking spree, but President Donald Trump had muddied the waters by saying it could have been China.
The penetration of departments including Defense, State, Homeland Security, Treasury, and Commerce is already considered the worst known cyber-compromise at least since electronic dossiers on most Americans with security clearances were taken from the Office of Personnel Management five years ago.
The security company FireEye, which was itself breached, discovered the new round of attacks, many of which were traced to a tainted software update from SolarWinds, which makes widely used network-management programs.
Other attacks have used resellers of Microsoft cloud services, with email being a main goal of the hackers.