Earlier this year, investigators for Silicon Valley security company FireEye Inc. visited a U.S. firm to determine who, and what, sneaked into the firm’s network harboring military secrets.

There they found what they call a sophisticated cyberweapon, able to evade detection and hop between computers walled off from the Internet. The spy tool was programmed on Russian-language machines and built during working hours in Moscow. FireEye’s conclusion, in a report to be released Tuesday: The cyberspying has a “government sponsor—specifically, a government based in Moscow.”

The report is one of four recent assessments by cybersecurity companies, buttressed by reports from Google Inc. and U.S. intelligence agencies, pointing to Russian sponsorship of a skilled hacking campaign dating back to 2007. Targets included NATO, governments of Russia’s neighbors, and U.S. defense contractors Science Applications International Corp. and Academi LLC, the U.S. security firm previously known as Blackwater.

Collectively, the new research offers evidence supporting a view long expressed privately by U.S. officials and American security researchers: Moscow commands the A-team of Internet adversaries.

China, the object of recent U.S. allegations of cyberspying, may hack more often, U.S. officials and researchers say. But Russia hacks better.