Russian hackers have apparently identified a previously unreported bug in Windows, also known as a zero-day attack, which was then used to spy on several Western governments, NATO and the Ukrainian government, The New York Times reports.
The news comes from security firm iSight Partners, which discovered that several European energy and telecommunications companies, as well as an academic organization in the U.S., have been targeted as well.
While hacking activities have been traced back to 2009, the zero-day bug has been used starting in late summer 2013. The security issue apparently affects various Windows versions from Windows Vista to Windows 8.1, and Microsoft is expected to release an update on Tuesday to patch the vulnerability.
Surprisingly, Windows XP isn’t impacted by this particular security threat.
iSight said that only the Russian hackers used the security bug so far, adding that other companies and organizations may have also been affected in addition to governments and NATO. The firm did not previously bring this security issue to light in order to give Microsoft time to prepare a patch.
The group of Russian hackers apparently used “spear-phishing techniques” in its attacks, which involve sending emails to targets containing attached documents that allow the attacker to take over a computer after being opened on that machine. The documents were specific to the Ukraine-Russia crisis.
It’s not clear whether the same people responsible for this particular type of hack are in any way connected to the many cyberattacks that hit various retailers and banks in the U.S. stealing personal data including credit card information for millions of U.S. citizens. Some of those hacks have also been traced back to Russia and/or Ukraine.