Hackers targeted the UK’s national security website ugg.co.uk with a malicious virus and installed the spyware.
It is the first time the British National Cyber Security Centre has seen an outbreak of this kind.
Security researcher Adam Jones, who has been monitoring ugg for years, said the attack appeared to be “the first time in many years that the UK has had a major cyberattack”.
“The cyberattack was very serious,” he told BBC News.
“It was a very powerful malware that was designed to steal user data and install it in a user’s computer.”
Security researcher Daniel Leopold said the attackers targeted the ugg site to install a virus.
“The virus appears to have been developed by the Russian Federation and then put into ugg by a third party,” he said.
“We’ve had no evidence that this virus was put into the UK to gain access to the UK Government.”
Security expert Daniel Leom, of security firm Check Point, said it appeared that “a third party was behind this attack”.
“This is probably the first instance of a third-party group or entity acting as a front for the Russian Government to get into the United Kingdom,” he wrote on Twitter.
Security firm Checkpoint has said it has traced the Russian spyware to an IP address at a Russian state-owned telecoms company.
“This IP address is associated with the country of RUSSIA, and we are currently working to confirm that it is connected to this country,” the company said.
Russia has denied involvement in the cyberattack, and said its hacking operations are directed against the United States.
“A cyber attack has been launched against the UK,” said a statement from the Kremlin.
“An attack was launched against a computer systems in the UK, aimed at stealing data and compromising the security of the UK National Computer System, and targeting the country’s information security and defence agencies.”
“A group of criminals is behind this cyberattack and the responsible party is not identified,” it said.
A cybercrime alert issued by the Office of National Statistics last week said cybercrime had fallen to a “trough low”, which was the first since March 2014.
It also warned that the number of cybercrime incidents and breaches had been rising.
Security experts said it was unlikely that Russia had been behind the attack.
“I think it’s pretty unlikely,” Mr Leopolds said.”[The Russian Government] could be behind this, but if they are it’s probably to get the attention of the US government,” he added.
Russia’s cybersecurity agency said in December it was investigating what appeared to have happened.
Russia also released a statement saying that its foreign intelligence services had “detected the existence of a new attack using malware designed by the GRU”.
The Russian Ministry of Defence did not immediately respond to BBC News’ request for comment.