The security firm of the USA has claimed that a sophisticated, Russia-based hacker group is spying on NATO and former Soviet member states, most likely on the orders of the Russian government. 

Russian cyber espionage efforts have long been considered unrivaled in skill and scope, but the difficulty of identifying attacks and tracing them to an identifiable source has prevented cyber security investigators from pinning any activity directly on a single Russian entity. But evidence of a wide-ranging cyber espionage campaign is mounting. Earlier a group of Russian hackers with suspected government backing had used a previously unknown backdoor.

A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.

The campaign, dubbed “Sandworm” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders.

NATO leaders agreed on Friday that a large-scale cyber attack on a member country could be considered an attack on the entire U.S.-led alliance, potentially triggering a military response.

The decision marks an expansion of the organisation's remit, reflecting new threats that can disable critical infrastructure, financial systems and government without firing a shot. "Today we declare that cyber defence is part of NATO's core task of collective defence," NATO Secretary-General Anders Fogh Rasmussen told a news conference. In 2007, a series of crippling cyber attacks paralysed much of NATO member Estonia in an apparent response to a dispute over the movement of a Soviet-era war memorial.