WASHINGTON — Federal officials are still digging into how hackers were able to launch a massive cyberattack against the U.S. government and American companies while discussing possible methods of retaliation, one of President Joe Biden’s national security advisers said Wednesday.

In providing an update on the SolarWinds hacking investigation during a White House press briefing, Anne Neuberger, deputy national adviser for cyber and emerging technology, said the networks of nine federal agencies and about 100 private-sector companies were compromised — a number that she did not rule out could grow.

Neuberger referred to the culprits as “an advanced persistent threat actor likely of Russian origin.”

The breach occurred when hackers hid malware code into an update for SolarWinds’ popular network management software, giving the cybercriminals unfettered access for months to the files and emails of businesses and agencies, including the State, Justice, Treasury and Energy departments, officials said. Brad Smith, the president of Microsoft, which was among the companies that were breached, recently called it “the largest and most sophisticated attack the world has ever seen.”

The hack was first detected in December, but then-President Donald Trump largely avoided the topic in his final weeks in office other than to suggest, without evidence, that China might have been behind it despite his own secretary of state, Mike Pompeo, and attorney general, William Barr, publicly pointing the finger at Russia.

“The scope and scale, to networks and information, makes this more than an isolated case of espionage,” Neuberger said, adding that some of the agencies targeted were of high foreign intelligence interest.

Neuberger said that officials fear the hackers could use products obtained from compromised tech companies to launch additional cyberattacks.

She said the government’s response efforts are focused on finding and expelling the hackers from networks, rebuilding the networks and improving their security, and formulating a response. 

She estimated the investigation could last several more months and said executive action from Biden is likely to address security gaps identified as a result of the hack. 

“This is challenging,” Neuberger said. “This is a sophisticated actor who did their best to hide their tracks. We believe it took them months to plan and execute this compromise. It will take us some time to uncover this layer by layer.”

Neuberger did not list any examples of responses being weighed by the Biden administration but indicated they would be in retaliation for more than just the SolarWinds attack.

“This isn’t the only case of malicious cyberactivity of likely Russian origin, either for us or our allies and partners,” she said. “So as we contemplate future response options, we’re considering holistically what those activities were.”

In preventing such attacks in the future, Neuberger suggested there will need to be greater visibility into private-sector networks. 

“If you can’t see a network, you can’t defend a network,” she said, adding that the federal government must, too, address “a culture and authorities” that inhibit visibility on its own networks.