Researchers at Switzerland's CERT (Computer Emergency Readiness Team) found malware on the network of Ruag, a Switzerland-based defense contractor which supplies the nation's military. And, they said, it is similar to code used previously by Turla APT, a Russian cyberespionage group that has been around since at least 2007.
These latest revelations indicate that Ruag had been infiltrated with malware as early as September 2014, with large amounts of data siphoned out in five instances throughout 2015.
The researchers planned to observe the malware to gain insights into the gang's operation, but a Swiss newspaper revealed details of the attack earlier this month, which likely weakened their monitoring plans.
The Russian gang was patient in its approach and used various obfuscation methods to avoid detection, CERT said.
The research team released its findings on Tuesday in a 32-page report to help organizations defend against similar attacks.