Investigators at CrowdStrike, the security firm, started getting called into U.S. oil and energy firms to investigate. As CrowdStrike teased the code apart in late 2013, they began to pick up Russian-language artifacts and time stamps indicating that the attackers were working on Moscow hours. Either this was a Russian campaign, or someone taking great pains to look like a Russian campaign. CrowdStrike gave the grid hackers a deceptively affable name, Energetic Bear—Bear being the firm’s code word for Russia’s state-backed groups. As they unspooled the attacks, they discovered that the code
...more
