"We're regularly hit by cyber attacks, but this one's a big one," a source who requested anonymity told the EUobserver.
An internal e-mail to all staff warned: "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."
The European External Action Service is the community's diplomatic arm.
To prevent the "disclosure of unauthorized information," the message said, the commission has shut down external access to e-mail and the intranet. All staff were told to change their passwords.
One EU source said the attack resembled a huge assault on the French Finance Ministry last year. In that operation, described by the French as "pure espionage," some information was suspected of being sent to Chinese sites.
An EU source speculated that China may be involved in the current attack.
"We are not speculating on the origin," EU spokesman Anthony Gravali told EUobserver.