According to the firm, CrowdStrike, the victims of the previously
unreported cyber espionage campaign include energy and technology
firms, some of which have lost valuable intellectual property.
CrowdStrike declined to go into detail about those losses or to name
any victims, citing confidentiality agreements related to its
Officials with the Russian Interior Ministry could not be reached
for comment early on Wednesday in Moscow.
"These attacks appear to have been motivated by the Russian
government's interest in helping its industry maintain
competitiveness in key areas of national importance," Dmitri
Alperovitch, chief technology officer of CrowdStrike, told Reuters
on Tuesday evening.
Cybersecurity researchers have in the past said that China's
government was behind cyber espionage campaigns against various
corporations dating back as far as 2005, but China has vehemently
denied those allegations. Alperovitch said this is the first time
the Russian government has been linked to cyber intrusions on
Governments have been using computer networks to spy on each other
for more than 30 years in the type of surveillance programs
conducted by virtually every nation, according to CrowdStrike. It is
only in the past decade that some nations have started using cyber
espionage as a platform for gaining data to help promote their
national economic interests, according to Alperovitch.
CrowdStrike has been following the activities of the Russian group
of hackers, which it dubbed "Energetic Bear," for two years. The
firm believes the Russian government is behind the campaign because
of technical indicators, as well as analysis of the targets chosen
and the data stolen, according to Alperovitch.
"We are very confident about this," he said. Victims include
European energy companies, defense contractors, technology companies
and government agencies, according to the CrowdStrike report.
Manufacturing and construction firms in the United States, Europe
and Middle East as well as U.S. healthcare providers were also cited
as targets in the report that was posted on the Web early on
[to top of second column]
CrowdStrike described the activities of the Energetic Bear hackers
in its annual cyber threat report, released on Wednesday. It also
documented attacks by hacking groups in China and Iran and described
the activities of the activist Syrian Electronic Army.
Alperovitch, who is of Russian ethnic origin and now lives in the
Washington, D.C., area, is an expert on cyber espionage who rose to
prominence while working for McAfee Inc. While there he managed a
team of researchers who produced a landmark January 2010 report that
described how Chinese hackers had launched an unprecedented series
of attacks known as "Operation Aurora" on Google Inc and dozens of
In 2012, he co-founded CrowdStrike, which collects intelligence
about the activities of hacking groups around the world and sells
software to thwart such attacks.
He told Reuters that the data his firm has obtained about Energetic
Bear suggests that authorities in Moscow have decided to start using
cyber espionage to promote Russia's national economic interests.
"They are copying the Chinese playbook," he said. "Cyber espionage
is very lucrative for economic benefit to a nation."
(Reporting by Jim Finkle; additional reporting by Megan Davies in
Moscow; editing by Tiffany Wu and Ken Wills)
[© 2014 Thomson Reuters. All rights
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.