"The third part of what we are doing about it is responding to the perpetrators of the attack. You can expect further announcements on that in weeks, not months," said the official, who declined to be named, in a telephone briefing with reporters.

The operation, which was identified in December and which the U.S. government has said was likely orchestrated by Russia, breached software made by SolarWinds Corp, giving hackers access to thousands of companies and government offices that used its products.

Microsoft President Brad Smith described the attack as "the largest and most sophisticated attack the world has ever seen."

The senior official also noted that most of the nine federal government agencies compromised by the SolarWinds hack have completed an independent review and those that have not will finish one by the end of March.

The hacking, which also hurt 100 private companies, used corrupted SolarWinds code and weaknesses in Microsoft identity-management tools.

(Reporting by Alexandra Alper, Nandita Bose and Joseph Menn; editing by Jonathan Oatis and Cynthia Osterman)