CrowdStrike claims the ‘Energetic Bear’ group has been hacking foreign companies on behalf of the Russian state
According to the security technology vendor CrowdStrike, hackers working for the Russian government have been siphoning off information from hundreds of foreign companies over the course of 2013.
The spying campaign, revealed in CrowdStrike’s first annual Global Threat Report, focused on defence, technology and energy businesses in the US, Europe and Asia.
This is the first time the Russian government has been accused of collecting commercial information to help local companies gain advantage over foreign competitors. Such methods are usually associated with the Chinese authorities and groups like Hidden Lynx. China has always denied the existence of any state-sponsored hacker organisations, however.
State-sponsored efforts to gather digital information are not new – CrowdStrike says that such campaigns have been operated by various governments for at least 30 years. However, it is only in the last decade that hackers have been employed to protect national economic interests.
CrowdStrike says that a hacker group it named “Energetic Bear” has been carrying out attacks on foreign companies for the past two years, and there is evidence that these operations were sanctioned by the Russian government.
“This actor used an advanced implant with several unique characteristics; additionally, they leveraged several unique toolsets and secondary implants to pursue R&D and strategically valuable information,” Adam Meyers, vice president of Intelligence at CrowdStrike, wrote on the company blog.
According to the report, the Energetic Bear has been stealing valuable intellectual property, but the company didn’t name any victims due to confidentiality agreements.
CrowdStrike also reported on Emissary Panda, a Chinese group which carried out a series of attacks against, among other things, foreign embassies located in the US. This organisation also collected sensitive intelligence from the defence, aerospace, telecoms, and shipping sectors.
Meanwhile, a young Russian programmer has claimed responsibility for the modification of Kaptoxa (“Potato”) malware that was used to steal personal details of about 110 million customers of the US retail chain Target.