Thursday, February 28, 2013
NATO, European governments, hit by "MiniDuke" cyber attack
By Jim Finkle
SAN FRANCISCO (Reuters) - Hackers targeted dozens of computer systems at government agencies across Europe through a flaw in Adobe Systems Inc's software, security researchers said on Wednesday, while NATO said it too had been attacked.
Photo caption: Attacking team members work to hack into a network during a drill at a Department of Homeland Security cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, September 30, 2011. REUTERS/Jim Urquhart
The alliance said its systems had not been compromised, although it was sharing the details of the attack with NATO member states and remained vigilant. Security experts say governments and organizations such as NATO are attacked on a daily basis - although the sophistication varies wildly.
These particular attacks appeared both widespread and innovative, the private computer security firms announcing the discovery said, with one expert saying he believed a nation-state might be responsible.
Russia's Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania.
They also said a think tank, a research institute and a healthcare provider in the United States, a prominent research institute in Hungary and other entities in Belgium and Ukraine were among those targeted by the malicious software, which they have dubbed "MiniDuke".
The researchers suspect MiniDuke was designed for espionage, but were still trying to figure out the attack's ultimate goal.
"This is a unique, fresh and very different type of attack," said Kurt Baumgartner, a senior security researcher with Kaspersky Lab. "The technical indicators show this is a new type of threat actor that hasn't been reported on before."
He said he would not speculate on who the hackers might be.
The malware exploited a recently identified security flaw in Adobe's software. Adobe said a software patch issued last week should protect users from "MiniDuke" providing they downloaded it.
Boldizsár Bencsáth, a cyber security expert who runs the malware research team at CrySyS, told Reuters that he had reported the incident to NATO, although it was not clear if that was what first alerted the alliance.
Bencsáth said he believed a nation-state was behind the attack because of the level of sophistication and the identity of the targets, adding that it was difficult to identify which country was involved.
Exactly how serious the attacks were was not immediately clear, nor who exactly the targets were or at what level European governments were alerted.
The Czech counterintelligence agency BIS said they were not aware of any massive hacking attacks on Czech institutions from abroad recently. The Czech National Security Bureau, responsible for government data, was not immediately available for comment. Neither were officials from other states said to be affected.
A NATO official in Brussels had earlier said the alliance was not directly hit, but he said later that he had been incorrect. He gave no further details.
The researchers, who declined to further elaborate on the targets' identities, released their findings as more than 20,000 security professionals gathered in San Francisco for the annual RSA conference.
USING ADOBE, TWITTER, GOOGLE
MiniDuke attacked by exploiting recently discovered security bugs in Adobe's Reader and Acrobat software, according to the researchers. The attackers sent their targets PDF documents tainted with malware, an approach that hackers have long used to infect personal computers.
The bugs were first identified two weeks ago by Silicon Valley security firm FireEye. The firm reported that hackers were infecting machines by circulating PDFs tainted with malicious software.
The MiniDuke operators used an unusual approach to communicate with infected machines, according to the researchers. The virus was programmed to search for Tweets from specific Twitter accounts that contained instructions for controlling those personal computers. In cases where they could not access those Tweets, the virus ran Google searches to receive its marching orders.
Officials with Twitter and Google could not immediately be reached.
Bencsáth said he believed the attackers installed "back doors" at dozens of organizations that would enable them to view information on those systems, then siphon off data they found interesting.
He said researchers had yet to uncover evidence that the operation had moved to the stage where operators had begun to exfiltrate data from their victims.
Privately, many Western government and private sector computer experts say China is the clear leader when it comes to state-sponsored cyber attacks to steal information - although they rarely say so publicly and Beijing angrily denies it.
According to cyber security expert Alexander Klimburg at the Austrian Institute for International Affairs, however, the closest attack to this in style was a Trojan dubbed "TinBa" identified two months ago and used for banking fraud attacks. That was suspected to have been built by Russian hackers, he said, talking down the prospect of state involvement.
"There are some interesting aspects to the attacks," said Klimburg, pointing to the use of Twitter. "(But) most of the attack does not seem that new at all. Some of the... 'tricks', such as using pictures to hide data, are more reminiscent of proficient students rather than government agencies."
(Additional reporting by Peter Apps in London, Jan Lopatka in Prague and Adrian Croft in Brussels; Editing by Jeremy Laurence, Leslie Gevirtz and Mohammad Zargham)

