Officials at the fund gave few details but said the attack earlier this year had been “a very major breach” of its systems, the New York Times reports.
Cyber security officials said the hack was designed to install software to create a “digital insider presence”.
The IMF, which holds sensitive economic data about many countries, said its operations were fully functional.
The cyber attack took place over several months, and happened before former IMF chief Dominique Strauss-Kahn was arrested over sexual assault charges.
“I can confirm that we are investigating an incident,” said spokesman David Hawley.
“I am not in a position to elaborate further on the extent of the cyber security incident.”
The New York Times said IMF staff had been told of the intrusion on Wednesday by e-mail, but that the Fund had not made a public announcement.
The e-mail warned that “suspicious file transfers” had been detected and that an investigation had shown a desktop at the Fund had been “compromised and used to access some Fund systems”.
There was “no reason to believe that any personal information was sought for fraud purposes,” it said.
High profile breaches
A cyber security expert told Reuters the infiltration had been a targeted attack which installed software designed to give a nation state a “digital insider presence” at the IMF.
“The code was developed and released for this purpose,” said Tom Kellerman, who has worked for the Fund.
Bloomberg quoted an unnamed security expert as saying the hackers were connected to a foreign government. However, such attacks are very difficult to trace.
The World Bank said it briefly cut its network connection with the Fund out “an abundance of caution”.
“The World Bank Group, like any other large organisation, is increasingly aware of potential threats to the security of our information system and we are constantly working to improve our defences,” said spokesman Rich Mills.
The incident is the latest in a string of high-profile cyber security breaches.
In April, the Sony Playstation network was shut down after hackers stole the personal data of about 100 million accounts and in May, US defence firm Lockheed Martin said it had come under a significant cyber-attack.
CIA Director Leon Panetta told the US Congress earlier this week that a large-scale cyber attack while would cripples power, finance, security and governmental systems was “a real possibility in today’s world”.