A cyber espionage campaign targeted hundreds of organizations in Europe, America and Asia, and it appears the Russian government is behind it, researchers said.
IT security firm CrowdStrike said Russia has been launching cyber attacks in an effort to steal sensitive information which it can use to gain an economic advantage over its opponents.
CrowdStrike did not name the companies targeted by the Russian government, but the researchers said the list includes tech firms, energy providers, defense contractors, academia and even government agencies. CrowdStrike said the campaign primarily focuses on the energy sector.
Researchers said a hacker group dubbed “Energetic Bear” has been operating on behalf of the Russian government. CrowdStrike has monitored the team’s operations since August 2012.
CrowdStrike found the Russian government is behind the espionage campaign based on the technical indicators, the chosen targets and the data they went after and stole. The cybercriminal group has been relying on two Remote Access Trojans (RATs) in its operations: HAVEX RAT and SYSMain RAT.
Technical details on the Energetic Bear attacks are in CrowdStrike’s Global Threat Report for 2013.
“Targeted entities and countries are consistent with likely strategic interests of a Russia-based adversary. Several infected hosts were observed within the Russian Federation, but this could be the result of accidental compromise through large-scale SWC operations or deliberate efforts to conduct domestic internal monitoring,” the report said.
“Other data supporting a Russia-based adversary are observed in timing data related to these activities that aligns neatly with Russian working hours.”