The cybersecurity firm CrowdStrike has published a report detailing a program dubbed “Energetic Bear” that is linked to Russia’s government and conducts intelligence collection operations around the world.
If true, it would be the first time Moscow has been connected to cyber attacks for alleged economic (as opposed to political) espionage.
“They are copying the Chinese play book,” Dmitri Alperovitch, chief technology officer of CrowdStrike, told Reuters. “Cyber espionage is very lucrative for economic benefit to a nation.”
The primary focus of the attacks appear to be the energy sector, CrowdStrike states, which makes sense since the oil market comprises 70% of Russia’s economy.
CrowdStrike has tracked Energetic Bear since August 2012 and states that the malware has been operated by the attackers since at least 2011. The investigation found that one implant, dubbed HAVEX RAT, had more than 25 versions as of October 2013.
Here’s a breakdown of the victims in each countries. As you can see, the U.S. is by far the top target (followed by Spain, Japan, and France).
Other targets include European governments; European, U.S., and Asian academia; European, U.S., and Middle Eastern manufacturing and construction industries; European defence contractors; U.S. healthcare providers; European IT providers; and research institutes.
Business Insider Emails & Alerts
Site highlights each day to your inbox.