Even after it has reached a conclusion, the White House might decide not to name the attackers, just as it decided not to publicly blame China for the theft of 22 million security files from the Office of Personnel Management.

But American intelligence officials have been intensely focused on the likelihood that the attack was engineered by the Russian military, or “patriotic hackers” operating on their behalf, since the first reports of the December blackout. The officials have found it intriguing that the attack did not appear designed to shut down the entire country. “This appears to be message-sending,” said one senior administration official with access to the intelligence, who requested anonymity to discuss the ongoing inquiry.

Equally interesting to investigators was the technique used: The malware designed for the Ukrainian power grid was directed at “industrial control systems,” systems that act as the intermediary between computers and the switches that distribute electricity and guide trains as they speed down the track, the valves that control water supplies, and the machinery that mixes chemicals at factories.

The most famous such attack was the Stuxnet worm, which destroyed the centrifuges that enriched uranium at the Natanz nuclear site in Iran. But that is not an example often cited by American officials — largely because the attack was conducted by the United States and Israel, a fact American officials have never publicly acknowledged.

Experts in cybersecurity regard the Ukraine attack as a teaching moment, a chance to drive home to American firms the vulnerability of their own systems. “There’s never been an intentional cyberattack that has taken the electric grid down before,” said Robert M. Lee of the SANS Institute. Mr. Lee said that while it was still not possible to determine who conducted the attack — what is called “attribution” in the cyber industry — he noted that it was clearly designed to send a political message.