The malware at issue, known as "agent.btz," infiltrated the computer systems of the U.S. Central Command in 2008, at a time when it was running wars in Iraq and Afghanistan.
The attack established what Deputy Defense Secretary William Lynn called "a digital beachhead" for a foreign intelligence agency to attempt to steal data.
The Pentagon last year disclosed its operation to counter that attack, known as Buckshot Yankee.
But new, more potent variations of agent.btz are still appearing.
"We can definitely say that it's not limited to government computers, it never has been, and that it hasn't gone away," said an official of the Department of Homeland Security, which leads U.S. efforts to secure federal nonmilitary computer networks, often described as the Internet's "dot.gov" domain.
The Russians are suspected. Who knew they planned their own "reset" before we did?