Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.

Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

Hackers broke into the NTIA's office software, Microsoft's Office 365. Staff emails at the agency were monitored by the hackers for months.

Office 365 has many vulnerabilities.

The most common vulnerability is staff who are lazy in their email and security procedures.

Another possibility is the following.

Microsoft Office 365 manages federated identities through Security Assertion Markup Language (SAML). Office 365 has vulnerabilities that would online hackers to infiltrate accounts, data, e-mail messages and files within the software's cloud.

SAML is a standard employed by businesses and other entities to transfer authentication and authorize information. It permits a single sign-on across a number of different websites, allowing for greatly improved efficiency. Microsoft's use of SAML version 2.0 in its Office 365 software is flawed in that it does not authenticate the element known as the NameID.