Hackers broke into the networks of the Treasury and Commerce departments as part of a monthslong global cyberespionage campaign revealed Sunday, just days after the prominent cybersecurity firm FireEye said it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft. In response to what may be a large-scale penetration of U.S. government agencies, the Department of Homeland Security’s cybersecurity arm issued an emergency directive calling on all federal civilian agencies to scour their networks for compromises. The threat apparently came from the same cyberespionage campaign that has afflicted FireEye, foreign governments and major corporations, and the FBI was investigating. “This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch. News of the hacks, first reported by Reuters, came less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye´s customers include federal, state and local governments and top global corporations. The apparent conduit for the Treasury and Commerce Department hacks – and the FireEye compromise – is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies that will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike. The DHS directive – only the fifth since they were created in 2015 – said U.S. agencies should immediately disconnect or power down any machines running the impacted SolarWinds software.