The attack, which was discovered in July and came to public attention this week, specifically focused on the Department's Bureau of Industry and Security (BIS), which is responsible for such areas as export control and treaty compliance.
"The BIS discovered a targeted effort in July to gain access to user accounts, and we took immediate steps to ensure no information was comprised," Richard Mills, a spokesman for the Commerce Department, said Friday.
Although Mills declined to elaborate further, the Wall Street Journal reported that the BIS was replacing hundreds of workstations.
Meanwhile, one department official told CNET News.com that the BIS was cleaning up its computer system and receiving new hardware. The official noted that Internet access has been restricted to standalone workstations that are not connected to the bureau's other internal systems.
Commerce Department officials believe the malicious attack originated in China, a region, for spawning Trojans, phishing attacks and other security threats. The official noted that the attack was traced back to an Internet service provider based in China.