The FBI is investigating attacks on the computers of banking giant JPMorgan Chase and several other American banks, officials said.
Information that could be used to drain funds was stolen, according to a US official and another person briefed by law enforcement, who added that European banks may have been hit, too. Hackers also took sensitive information from employees' computers.
"We are working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," FBI supervisory special agent Joshua Campbell said.
Sources close to the investigation said it was the work of Russian hackers, adding investigators had determined that the attacks were routed through computers in Latin America and other regions via servers used by Russian hackers.
The FBI is believed to be investigating whether it was in retaliation for Western sanctions levied on Russia because of the situation in Ukraine.
But an industry official said it was unclear who conducted the attacks. The FBI did not officially comment on who was thought to be behind the intrusions.
In April, JPMorgan was singled out for Russian criticism when it initially blocked a payment from a Russian embassy in Kazakhstan to the affiliate of a US-sanctioned bank. Russia's foreign ministry called the move by New York-based JPMorgan "illegal and absurd".
Some analysts discounted the theory of a link to the Ukraine sanctions, noting that retaliation typically involves disruption of networks, not theft of data.
"We have seen Russian intelligence services target financial institutions for the purpose of espionage," said Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, who was not commenting on the JPMorgan case.
Of particular interest to Moscow is data from the oil and gas trading desks, Alperovitch said. Oil and gas are major sources of revenue for Russia.
One industry official said the intrusion was discovered about a fortnight ago. A second industry official confirmed the investigation, adding there was no indication of increased fraud activity.
"Companies of our size unfortunately experience cyberattacks nearly every day," said Trish Wexler, a spokeswoman for the bank. "We have multiple layers of defence to counteract any threats, and constantly monitor fraud levels."
The hackers discovered a software flaw known as a zero-day in at least one of the bank's websites, allowing them to take remote command of a computer, according to one of the people familiar with the investigation. They then ploughed through layers of elaborate security to steal the data - which security specialists said appeared far beyond the capability of ordinary criminal hackers.
The sophistication of the attack and technical indicators extracted from the banks' computers provide some evidence of a government link. Still, the trail is murky enough that cybercriminals from Russia or elsewhere in eastern Europe could be behind the assaults.
Other US federal agencies, including the National Security Agency, are aiding the investigation, said another person familiar with the probe.
Bloomberg, The Washington Post