WASHINGTON: US government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers after authorities learned that the Treasury and Commerce departments were hacked in a monthslong global cyberespionage campaign discovered when a prominent cybersecurity firm learned it had been breached.

In a rare emergency directive issued late Sunday, the Department of Homeland Security’s cybersecurity arm warned of an “unacceptable risk” to the executive branch from a feared large-scale penetration of US government agencies that could date back to mid-year or earlier.