It did not say which foreign power it suspected.
Earlier this week, Russia's Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania.
They also said a think tank, research institute and healthcare provider in the United States were among those targeted by the malicious software, which they have dubbed "MiniDuke".
NATO also confirmed it had been targeted, although the alliance said its computer systems had been unaffected.
"It is a cyber attack ... pursued by an entity that has the characteristics of a state actor," SRI spokesman Sorin Sava told Reuters in a phone interview on Friday.
"Our estimations show the attack is certainly relevant to Romania's national security taking into account the profile of the compromised entities," Sava said, adding that private organizations had also been targeted.
One of the researchers involved in identifying the attack told Reuters earlier this week he also suspected a foreign government was involved, but did not say which. Romania is the first government to make such a suggestion.
The MiniDuke hackers attacked their victims by exploiting recently-discovered security bugs in Adobe's Reader and Acrobat software. They sent their targets PDF documents tainted with malware, an approach that hackers commonly use to infect PCs.
Adobe said it had released a software patch to cover the flaw, and any users who had downloaded it would be protected against "MiniDuke".
Computer security experts and Western officials say state-backed cyber attacks aimed at stealing information have soared in recent years. While they rarely attribute blame publicly, in private many blame China - although Beijing angrily denies the charge.
In this case, however, computer experts say an attacker from the former Soviet Union could be more likely. "MiniDuke" in some ways resembles a banking fraud Trojan dubbed "TinBa" believed to have been created by Russian criminal hackers.
SRI would not give the names of the affected institutions. Sava said specialized secret service "reaction teams" were investigating the size of the attack to "limit its consequences and stop it".
"This attack has a bigger impact because of its superior technological level that allows it to better conceal itself and take over control over a compromised network in order to extract information," Sava said.
(Additional reporting by Peter Apps; Writing by Radu Marinas; Editing by Andrew Roche)