Hackers affiliated with the Russian government have struck once more. This time, however, their operation went beyond ordinary hacking and into the realm of espionage. According to Reuters, two cybersecurity companies, CrowdStrike and FireEye Inc, have uncovered a covert operation: Russian hackers have been masquerading as State Department employees in order to gain access to U.S. government agencies, private businesses, and influential think-tanks. The two firms, which are leading the investigation, state that the hackers' objective was to infiltrate the software of the agencies and companies and steal classified and confidential information.
The hackers initiated contact by sending emails that appeared to come from a State Department public affairs representative named Susan Stevenson. The email urged recipients to download documents, allegedly sent by Heather Nauert, the State Department spokesperson, whom U.S. President Donald Trump is considering for the currently vacant post of U.S. ambassador to the United Nations; the documents had been tampered with. Anyone caught unaware who opened the corrupted documents would have malware infect the host computer, granting the hackers access to sensitive information.
FireEye and the Dutch General Intelligence and Security Service stated that the hackers belonged to a group known as APT29, which is known to work with the Russian Foreign Intelligence Service. Interestingly, the Russian cybersecurity firm Kaspersky Lab confirmed the involvement of APT29 but stated that the group had not been active since 2017. The hackers did not restrict themselves to federal agencies and think-tanks: they also targeted hospitals, consulting firms, pharmaceutical companies, and media companies. It remains unknown how many agencies and companies have been compromised.
Surprisingly, the U.S. midterm elections passed without any foreign interference incident, at least as far as the available evidence shows. That was an exception to the norm. U.S. and allied intelligence services have accused Russia of meddling in numerous political campaigns and elections, including the 2016 U.S. presidential election, the 2016 French presidential election, and the Brexit, Scottish independence, and Catalan independence referenda.
Thus far, Russian cyberwarfare operations have focused on political and military targets. The uncovering of this operation suggests a broadening of strategy to include private sector companies. One reason could be financial gain: Chinese hackers are known to target U.S. private firms in order to gain a competitive advantage. Private companies, however, can also be privy to classified political or military information. For example, consulting firms such as Deloitte or McKinsey & Company are often assigned projects by the federal government; the Department of Defense (DoD) and the State Department are frequent customers. Gaining access to these companies could provide a way into the systems of the departments and agencies themselves.
The Russian government continues to deny any interference in foreign countries’ political processes.