Russia's government is supporting a group of hackers to steal secrets from hundreds of companies in the U.S. and Europe to help businesses in its own country, according to a report by cybersecurity research firm CrowdStrike.
CrowdStrike explained it spent nearly two years following a group of Russian hackers, which it called "Energetic Bear," but the security research firm did not give concrete evidence to support a link to the Russian government in its report.
"Observed indicators obtained from monitoring this adversary's activity suggest that Energetic Bear is operating out of Russia, or at least on behalf of Russia-based interests, and it is possible that their operations are carried out with the sponsorship or knowledge of the Russian state," the report says.
CrowdStrike said technical evidence links the group to the Russian Federation, including activity patterns that closely match Moscow's time zone, while the data stolen by Energetic Bear came mainly from companies in the energy sector. Russia's economy is dominated by oil and gas production, so competing Western companies would be an attractive target for state-sponsored hackers. Energetic Bear accesses websites using techniques that include hiding malware in programs such as Adobe Reader, the report said.
If these claims are true, Russia's government may face the same scrutiny as China for being linked with hackers stealing secrets from companies to benefit its economy, rather than political and security interests. It would also be damaging to progress made on cybersecurity between the U.S. and Russia as these types of crimes become a new kind of first-strike weapon. The two countries signed an agreement in 2013 creating a hotline to warn each other about hacks that could be misinterpreted as attacks on the other nation's infrastructure or security interests, building on the Nuclear Risk Reduction Center established in 1987 to avoid tensions that might have led to atomic war.
Russia has used hackers effectively for political gain in recent years, whether or not they were working directly for the government. Websites publishing material critical of Russian President Vladimir Putin or broadcasting video of protests in the Russian Federation are targeted by hacks including distributed denial-of-service attacks, which overload a site with traffic so that the connection slows down and the site becomes inaccessible. Hackers also caused confusion on networks in Georgia during Russia's invasion of that country in 2008.
The Obama administration condemned Chinese government hacking of U.S. businesses in March 2013, when Tom Donilon, national security adviser to the Obama administration, said in a speech "the international community cannot afford to tolerate such activity from any country." The Chinese government denied involvement. Michael Hayden, former director of both the CIA and the National Security Agency, has said governments steal each other's secrets all the time, but state-supported hackers cross a line by targeting civilian businesses for financial gain.
The CrowdStrike report also detailed activity by the Syrian Electronic Army, which has been prolific in accessing the social media accounts of news organizations to spread propaganda favorable to Syrian President Bashar al-Assad.
CrowdStrike also cautions that spear phishing attacks using links sent by fake email addresses to spread malware could increase during the Winter Olympics taking place next month in Sochi, Russia, because of the global attention paid to the games.