By Jim Finkle and Jack Stubbs
TORONTO/MOSCOW (Reuters) - Hackers sought to discredit leading Russian opposition figure Alexei Navalny in a disinformation campaign that implied he was working with a U.S. government group, Canadian cyber researchers said on Thursday.
That effort, which took place in October 2016, was part of a cyber spying operation with more than 200 targets in 39 countries, according to an online report published by Citizen Lab, an institute at the University of Toronto’s Munk School of Global Affairs.
Targets included a former Russian prime minister and other officials from Russia, military officers, energy executives and an American working for a broadcaster funded by the U.S. government whose emails were used to discredit Navalny, Citizen Lab said.
Citizen Lab said it did not know who was behind the campaign, but said strong circumstantial evidence linked it to a hacking group known as APT28, or Fancy Bear. Private cyber security firms have tied that group to the Russian military intelligence agency GRU, blaming it for hacks on election campaigns in the United States and Europe.
Navalny and the Kremlin did not respond to requests for comment. The Russian government has previously denied that it was involved in election hacks or other attacks blamed on APT28.
Navalny is the most prominent opposition challenger to President Vladimir Putin, who is expected to run for a fourth term in 2018.
In February, a Russian court found Navalny guilty of embezzlement. He said the trial was politically motivated. Officials have since said he cannot run for the Russian presidency unless the conviction is overturned.
In March, Navalny organized the biggest anti-government protests in Russia for years.
The Citizen Lab report included images of what it said were doctored emails stolen on Oct. 6 from David Satter, an American working for broadcaster Radio Free Europe/Radio Liberty, which is funded by Washington.
The stolen emails were published Oct. 22 on CyberBerkut, a site that claims to be operated by a group of pro-Russian hacker activists.
"They are trying to suggest that Russian opposition figures and journalists are actually being directed by foreigners,” Satter said in a telephone interview with Reuters.
Citizen Lab said it expects these types of attacks to continue because they are proven effective in swaying public opinion.
"Tainted leaks plant fakes in a forest of facts in an attempt to make them credible by association with genuine, stolen documents," said Citizen Lab researcher John Scott-Railton. "We expect to see many more."
(Reporting by Jim Finkle in Toronto and Jack Stubbs in Moscow; Editing by Marla Dickerson and Grant McCool)