Regin is being used to target telecom operators, governments, financial institutions, research organisations, multinational political bodies and individuals involved in advanced mathematical/cryptographical research, they said.
Security solutions firm Kaspersky Lab said some of the earliest samples of Regin appear to have been created as early as 2003.
"Regin is aimed at gathering confidential data from attacked networks and performing several other types of attacks ... Attackers turned compromised organisations in one vast unified victim and were able to send commands and steal the information via a single entry point," Kaspersky said.
"The ability to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations," Kaspersky Lab Director of Global Research and Analysis Team Costin Raiu said.
Also Read
Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, other parties can hijack this ability and abuse it to launch different attacks against mobile users, Raiu added.
Post attack, attackers could have access to information about which calls are processed by a particular cell site, redirect calls to other cells, activate neighbour cells and perform other offensive activities.
"It is built on a framework that is designed to sustain long-term intelligence-gathering operations by remaining under the radar," Symantec said in a whitepaper.
Regin goes to extraordinary lengths to conceal itself and its activities on compromised computers and the sophistication and complexity suggests it could have taken well-resourced teams of developers many months or years to develop and maintain, it added.
Symantec found that almost half of all infections targeted private individuals and small businesses (48 per cent), followed by telecom companies (28 per cent), hospitality (nine per cent) and others.