The report by Symantec (SYMC, Tech30) described how hackers have sneaked malware into computers at power plants, energy grid operators, gas pipeline companies and industrial equipment makers. Most of the targets were in the United States and Spain. The rest were across Europe.
The malware was used to steal documents, usernames and passwords. In the best-case scenario, the hackers only took valuable and sensitive information. At worst, they gained the ability to hijack controls -- and even sabotage the nation's energy supply.
Another security company, Crowdstrike, first spotted the Energetic Bear operation in 2012. Crowdstrike thinks the hackers at Energetic Bear work for -- or alongside -- Russian government intelligence services at the behest of state-owned gas enterprises, including Gazprom (GZPFY) and Rosneft.
Neither the Russian embassy, nor those energy companies, responded to requests for comment.
Why should you care? If a nation breaks into Exxon-Mobil (XOM) or BP (BP) and figures out where they've discovered vast oil or natural gas reserves, it could beat them to the punch and start drilling first. If it steals blueprints to the power grid or key pipelines, it could disable them to cause economic chaos -- or shut them down during a war.
"The Russians are engaged in aggressive economic and political espionage," Crowdstrike co-founder Dmitri Alperovitch said.
Security researchers said Energetic Bear is notable for its military precision and planning.
And Energetic Bear hackers aren't limited to attacking the energy sector. Their malware has also been spotted inside the networks of European and U.S. defense contractors and health care providers, as well as manufacturers, construction companies and universities doing research in the field of nuclear energy.
"We haven't seen anything at this scale with industrial control systems," said Kevin Haley, Symantec's director of security.