In a report published today, the Moscow-based antivirus vendor said the group had attacked military contractors in South Korea and Japan.
Researcher Costin Raiu said the speed of the break-ins, the quickest of which lasted less than an hour, and the highly selective nature of the digital files they stole suggested they were guns for hire.
Raiu said his organisation's "opinion is that they do it on contract."
He added that while the hackers' identities weren't entirely clear, forensic data suggested they were a cross-border group operating out of China, South Korea, and Japan.