The cybersecurity arm of the Department of Homeland Security has issued an emergency directive for all federal civilian executive branch agencies to search their networks for indications they were compromised after the Commerce Department confirmed it was hacked.
The Cybersecurity and Infrastructure Security Agency (CISA) issued the directive late Sunday, stating cybersecurity products by Austin-based SolarWinds “are currently being exploited by malicious actors.”
“CISA has determined that this exploitation of SolarWinds products poses an unacceptable risk,” it said, stating the impact of a successful attack could be “grave.”
SolarWinds products are used by more than 300,000 customers, including more than 400 of the US Fortune 500 companies, five branches of the US military and the Departments of Defense, State and Justice as well as the office of the president, according to its website.
The company described the attack in a statement as “highly sophisticated” and likely conducted by an outside nation state that targeted specific entities.
Though the extent of the intrusion is unknown, the Commerce Department confirmed in a statement to CNN that it was one of the federal agencies breached.
“We can confirm there has been a breach in one of our bureaus,” it said without specifying which one. “We have asked CISA and the FBI (Federal Bureau of Investigation) to investigate, and we cannot comment further at this time.”
John Ullyot, the spokesman for the National Security Council, said in a statement that the U.S. government was aware of the reports and was “taking all necessary steps to identify and remedy any possible issues related to the situation.”
On Sunday, the company said its investigation uncovered the “global campaign” targeting the networks of public and private organizations that was delivered through updates to the network-monitoring products developed by SolarWinds.
“The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors,” Kevin Mandia, the chief executive officer of FireEye, said in a statement.
The company said it has identified multiple organizations that have indications they were breached as far back as the spring, stating each attack required “meticulous planning and manual interaction.”
SolarWinds said the updates in question were released between March and June.
The attack comes a week after the National Security Agency issued a warning that “Russian state-sponsored malicious cyberactors” were exploiting vulnerabilities in software used by departments in the US government.
Russia responded to speculation it was behind the attack revealed on Sunday, stating “malicious activities in the information space” contradict its foreign policy, national interests and understanding of interstate relations.
“Russia does not conduct offensive operations in the cyber domain,” the Embassy of Russia in the United States said in a statement published on Facebook.
CISA said in the emergency directive that agencies operating SolarWinds products have until noon Monday to provide it with a complete report of its analysis of potential compromises.
