For 18 days last month, a team of computer security experts found themselves engaged in a digital version of hand-to-hand combat with a group of hackers determined to break into the network of a military contractor.

Every time the hackers, believed to be Iranian, gained a toehold in one server, the defenders shut down their access. A few days later, the hackers would come in through another digital door, and again the defenders would block them.

While dueling with the hackers, the security experts said they encountered something that they had never seen before when dealing with an Iranian cyberattack: a Russian connection.

Specifically, they found that the Iranians were using a tool set developed by a known Russian hacker-for-hire and sold in underground Russian forums. The tool had popped up in connection with an attack in Ukraine in 2015, when Russian hackers successfully shut down parts of Ukraine’s power grid.