Government ministries, diplomatic missions and space-related state agencies in Russia, Kazakhstan and Vietnam have become victims of a targeted attack.
Up to 1465 computers in more than 60 countries were infected with malware in the attacks, researchers say.
It was unknown if sensitive data was stolen although researchers say attempts were made.
The attacks, dubbed Lurid, contained known malware and a custom toolkit used previously in attacks againt the US Government, researchers at Trend Micro said.
It exploited Adobe Reader vulnerabilities and malware embedded as *.rar compressed screensavers.
Attacks were controlled through a network of 15 domain names, 10 active IP addresses and unique identifiers embedded in malware.
Trend Micro security research director Rik Ferguson said the malware sent stolen information from compromised computers to the command and control network over HTTP POST.
“As is frequently the case, it is difficult to say for certain who is behind this series of attacks as it is easy to manipulate artefacts, such as IP addresses and domain name registration, to mislead researchers into believing that a particular entity is responsible,” Ferguson said.
The attacks come on the heels of a similar campaign dubbed ShadyRAT, discovered and named by McAfee. Critics of that research said the attacks were unsophisticated botnets.