A US cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyberattacks for alleged economic, rather than political, gains.
According to the firm, CrowdStrike, the victims of the previously unreported cyberespionage campaign include energy and technology firms, some of which have lost intellectual property.
CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.
"These attacks appear to have been motivated by the Russian government's interest in helping its industry maintain competitiveness in key areas of national importance," Dmitri Alperovitch, chief technology officer of CrowdStrike, said on Tuesday.
Cybersecurity researchers have in the past said that China's government was behind cyberespionage campaigns against various corporations dating back as far as 2005. China has denied those allegations. Alperovitch said it was the first time the Russian government had been linked to the hacking of companies.
Governments had been using computer networks to spy on each other for more than 30 years in the type of surveillance programmes conducted by virtually every nation, according to CrowdStrike.
It was only in the past decade that some nations had started using cyberespionage as a platform for gaining data to help promote their national economic interests, according to Alperovitch.
CrowdStrike has been following the activities of the Russian group of hackers, which it dubbed "Energetic Bear", for two years. The firm believes the Russian government is behind the campaign because of technical indicators, as well as analysis of the targets chosen and the data stolen.
"They are copying the Chinese play book," Alperovitch said. "Cyberespionage is very lucrative for economic benefit to a nation."