Rostelecom and NKTsKI said the attackers used spear-phishing, vulnerabilities in web applications, and targeted the IT infrastructure of government contractors to breach Russian federal agencies.