According to cybersecurity firm Mandiant, the hack of choice works by breaking into Pulse Secure, a program that businesses often use to let workers remotely connect to their offices.

The company announced how users could check to see if they were affected but said the software update to prevent the risk to users would not go out until May. The campaign is the third distinct, and severe cyberespionage operation against the US made public in recent months, stressing an already strained cybersecurity workforce.

In January, the US government accused Russia of hacking nine government agencies via SolarWinds, a Texas software company widely used by American businesses and government agencies.

In March, Microsoft blamed China for starting a fight where scores of different hackers broke into organisations worldwide through the Microsoft Exchange email program. In all three campaigns, the hackers first used those programs to hack into victims' computer networks, then created backdoors to spy on them for months, if not longer.

The US Cybersecurity and Infrastructure Security Agency, or CISA, warned that the latest hacking campaign is currently "affecting US government agencies, critical infrastructure entities, and other private sector organisations".