FireEye said it was not able to comment on the "shape of the victim organizations" but suspects that the attacks were carried out by what it believes "may be Russian nation-state sponsored threat actors."
"FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows," the company said in a Saturday blog post, adding that the pattern of attacks started on April 13, 2015.
According to FireEye, the attacks were most likely carried out by hacking group Advanced Persistent Threat 28 (APT28).
Did APT28, the group likely backed by the Kremlin, use two 0days in an attack we were able to detect and prevent? http://t.co/wSh7m1ohKP— FireEye (@FireEye) 18 апреля 2015
According to the company, Adobe has released a patch to eliminate the software vulnerability that the hackers took advantage of, while Microsoft is still working on a fix.
"While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous."
According to FireEye's October report, the assumed group of hackers had a particular focus on the post-Soviet republic of Georgia and Eastern European nations, as well as European security organizations, including NATO. Thus, FireEye concluded that the nature and scope of the hacking activities it detected pointed to the Russian authorities' backing of the APT28 hacking group.