Hackers seized control of networks at NASA’s Jet Propulsion Laboratory last November, gaining the ability to install malware, delete or steal sensitive data, and hijack the accounts of users in order to gain their privileged access, according to a report from the National Aeronautics and Space Administration’s inspector general.

The breach, originating from Chinese-based IP addresses, allowed the intruders to compromise the accounts “of the most privileged JPL users,” giving them “full access to key JPL systems,” according to Inspector General Paul K. Martin in a report to Congress (.pdf).

The investigation of the breach is ongoing, but Martin says the intruders had the ability to modify sensitive files; modify or delete user accounts for mission-critical JPL systems; and alter system logs to conceal their actions.

“In other words, the attackers had full functional control over these networks,” Martin writes.

But this wasn’t the only breach NASA experienced. In 2010 and 2011, the agency had 5,408 computer security incidents that resulted in the installation of malicious software and the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million. Some of the breaches “may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin writes.