The statement represented the U.S. government's first formal attempt to assign responsibility for the breaches at multiple agencies and to assign a possible motive for the operation. The agencies rejected President Trump's claim that China might be to blame.
The agencies said the hacks appeared to be part of "intelligence-gathering," suggesting the evidence so far pointed to a Russian spying effort, rather than an attempt to damage or disrupt U.S. government operations.
"This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," the statement read.
Russia has denied any involvement.
"This is a serious compromise that will require a sustained and dedicated effort to remediate," said the statement, distributed by a cyber working group that comprises the FBI and other investigative agencies.
U.S. officials, including Attorney General William Barr and Secretary of State Mike Pompeo, and cybersecurity experts previously said Russia was to blame.
During an appearance on the Mark Levin Show last month, Pompeo said the U.S. "can say pretty clearly that it was the Russians that engaged in this activity."
But Trump, in a series of tweets late last month, sought to downplay the severity of the hack and raised the unsubstantiated idea that China could be responsible.
Officials said the hack began as early as March when malicious code was slipped into updates to SolarWinds software that monitors computer networks. Microsoft helped respond to the breach with cybersecurity firm FireEye, which discovered the hack when the security firm itself was targeted.
The Associated Press contributed to this report.