The campaign, dubbed "Sandworm" is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista.

Although iSight only has a small view of the number of victims targeted in the campaign, the victims include among others, the North Atlantic Treaty Organization, Ukrainian and European Union governments, energy and telecommunications firms, defense companies, as well as at least one academic in the US who was singled out for his focus on Ukrainian issues. The attackers also targeted attendees of this year's GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders from Europe and elsewhere each year.

It appears Sandworm is focused on nabbing documents and emails containing intelligence and diplomatic information about Ukraine, Russia and other topics of importance in the region.