Regin is being used to target telecom operators, governments, financial institutions, research organisations, multinational political bodies and individuals involved in advanced mathematical/cryptographical research, they said.
Security solutions firm Kaspersky Lab said some of the earliest samples of Regin appear to have been created as early as 2003.
"Regin is aimed at gathering confidential data from attacked networks and performing several other types of attacks ... attackers turned compromised organisations in one vast unified victim and were able to send commands and steal the information via a single entry point," Kaspersky said.
This structure allowed the actor to operate silently for years without raising suspicions, it added.
"The ability to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations," Kaspersky Lab Director of Global Research and Analysis Team Costin Raiu said.
Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, other parties can hijack this ability and abuse it to launch different attacks against mobile users, Raiu added.
Post attack, attackers could have access to information about which calls are processed by a particular cell site, redirect calls to other cells, activate neighbour cells and perform other offensive activities.
According to another security solutions provider Symantec, Regin bears the "hallmarks of a state-sponsored operation" and is believed to have been in use since at least 2008.
(Also see: Symantec Uncovers New Spying Malware Regin With 'Stealth' Features)
"It is built on a framework that is designed to sustain long-term intelligence-gathering operations by remaining under the radar," Symantec said in a whitepaper.
Regin goes to extraordinary lengths to conceal itself and its activities on compromised computers and the sophistication and complexity suggests it could have taken well-resourced teams of developers many months or years to develop and maintain, it added.
Symantec found that almost half of all infections targeted private individuals and small businesses (48 percent), followed by telecom companies (28 percent), hospitality (9 percent) and others.
In terms of geography, Russian Federation accounted for 28 percent of the infections, Saudi Arabia (24 percent), Mexico and Ireland (9 percent each), India, Afghanistan and Pakistan (5 percent each).
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.