WASHINGTON, Jan 21 (Reuters) - A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic - rather than political - gains.
According to the firm, CrowdStrike, the victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.
CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.
Officials with the Russian Interior Ministry could not be reached for comment early on Wednesday in Moscow.
“These attacks appear to have been motivated by the Russian government’s interest in helping its industry maintain competitiveness in key areas of national importance,” Dmitri Alperovitch, chief technology officer of CrowdStrike, told Reuters on Tuesday evening.
While cybersecurity researchers have in the past said that China’s government was behind cyber espionage campaigns against various corporations dating back as far as 2005, Alperovitch said this is the first time the Russian government has been linked to cyber intrusions on companies.
He said that CrowdStrike has been following the activities of this Russian group, which it dubbed “Energetic Bear,” for two years. The firm believes the Russian government is behind the campaign because of technical indicators, as well as analysis of the targets chosen and the data stolen.
“We are very confident about this,” Alperovitch said. Victims include European energy companies, defense contractors, technology companies and government agencies, according to the CrowdStrike report.
Manufacturing and construction firms in the United States, Europe and Middle East as well as U.S. healthcare providers were also cited as targets.
Alperovitch, who is of Russian ethnic origin and now lives in the Washington, D.C., area, is an expert on cyber espionage who rose to prominence while working for McAfee Inc. While there he managed a team of researchers who produced a landmark January 2010 report that described how Chinese hackers had launched an unprecedented series of attacks known as “Operation Aurora” on Google Inc and dozens of other companies.
In 2012, he co-founded CrowdStrike, which collects intelligence about the activities of hacking groups around the world and sells software to thwart such attacks.
He told Reuters that the data his firm has obtained about Energetic Bear suggests that authorities in Moscow have decided to start using cyber espionage to promote Russia’s national economic interests.
“They are copying the Chinese play book,” he said. “Cyber espionage is very lucrative for economic benefit to a nation.”