A Russian hacking group probably working for the government has been exploiting a previously unknown flaw in Microsoft’s Windows operating system to spy on NATO, the Ukrainian government, a U.S. university researcher and other national security targets, according to a new report.

The group has been active since at least 2009, according to research by iSight Partners, a cybersecurity firm. Its targets in the recent campaign also included a Polish energy firm, a Western European government agency and a French telecommunications firm.

“This is consistent with espionage activity,” said iSight Senior Director Stephen Ward. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”…

The firm began monitoring the hackers’ activity in late 2013 and discovered the vulnerability — known as a “zero-day” — in August, Ward said. The flaw is pres­ent in every Windows operating system from Vista to 8.1, he said, except Windows XP.