
iSight Partners finds Russian cyber-attack linked to Ukraine crisis

Hackers use Microsoft Windows flaw in attacks linked to Ukraine crisis

WASHPOST

A Russian hacking group has been exploiting a previously unknown flaw in Microsoft's Windows operating system to spy on Nato, the Ukrainian government, a US university researcher and other security targets, according to a report.

The group had been active since at least 2009, according to research by iSight Partners, a cybersecurity firm. Its targets in the recent campaign also included a Polish energy firm, a Western European government agency and a French telecoms firm.

"All indicators from a targeting and lures perspective would indicate espionage with Russian national interests," said iSight senior director Stephen Ward.

The Russian government has denied similar allegations of cyber espionage in the past. Current and former US intelligence officials, nonetheless, say the capabilities of Russian hackers are on par with those of the United States and Israel.

"It's possible they've become more active in response to the Ukrainian situation," said a former intelligence official. "And when you become more active, you increase your likelihood of getting caught."

ISight dubbed the hacking group SandWorm because of references embedded in its code to the fictional planet Arrakis in the science fiction novel Dune.

The firm began monitoring the hackers' activity late last year and discovered the vulnerability — known as a "zero-day" — in August, Ward said.

The flaw was present in every Windows operating system from Vista to 8.1, he said, except for Windows XP, which was not affected.

The Ukrainian government was targeted in September, a period coinciding with the Nato summit in Wales, where member states discussed Russia's actions in Ukraine.

Using a technique called "spearphishing", SandWorm sent emails to targets that appeared to come from legitimate sources but included attachments that, when opened, enabled the hackers to gain access to their computers, Ward said.

Some of the emails appeared to concern a global security forum on Russia and a purported list of Russian sympathisers or "terrorists", the firm said.

ISight was not able to determine how successful the hackers might have been in obtaining information. But Robinson said that by analysing the malware files, it was able to determine that certain targets, including a Ukrainian government server, had been compromised.

Microsoft plans to release a patch for the vulnerability as part of the security industry's monthly "Patch Tuesday", a coordinated release of fixes to vulnerabilities in software.

SandWorm adapted malware previously used by cybercriminals, probably "to mask" its espionage intents, Ward said.

This article appeared in the South China Morning Post print edition as: Russians accused of cybersnooping on Nato