The department is responsible for managing US nuclear weapons, but said the arsenal’s security had not been compromised.
Tech giant Microsoft also said on Thursday, 17 December, that it had found malicious software in its systems.
Many suspect the Russian government is responsible even though it has denied the claims.
The treasury and commerce departments are among the other agencies targeted in the sophisticated, months-long breach.
President Donald Trump is yet to comment on the cyber-attacks.
Meanwhile, US President-elect Joe Biden has vowed to make cyber-security a top priority of his administration.
America’s top cyber agency, the cybersecurity and infrastructure agency (CISA), gave a stark warning on Thursday that thwarting the intrusion would be highly complex and challenging.
It said critical infrastructure had been damaged, federal agencies and private sector companies were compromised and that the damage posed a grave threat that would be hard to undo.
”The hack began in at least March 2020, and those responsible had demonstrated patience, operational security, and complex tradecraft, the Cisa said.
The agency did not identify what information had been stolen or exposed.
Addressing the attack on the energy department, spokeswoman Shaylyn Hynes confirmed that it was responding to a cyber breach but said that the malware has been isolated to business networks only.
She said security functions at the national nuclear security administration (NNSA), which oversees US nuclear weapons had not been affected.