The group has used this zero-day exploit to hack computers used by NATO, Ukraine Government, European Telecommunications firms, Energy sectors and US academic organization.
The attack starts with a spear-phishing email containing a malicious power point document that exploits the vulnerability and infects victims machine with a malware.
"The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files."the report reads.
".. When handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources... This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands"
The vulnerability is reportedly affecting all versions of the windows operating systems from Vista SP1 to Windows 8.1. It also affects Windows servers 2008 and 2012.