Regin

Another entry for the Data Wars: A sophisticated malware variant that Symantec suggests is supported not by some group of hackers, but a nation-state. The identity of the supporting state isn't given - probably because it isn't known. There are some clues, even allowing for false flags and red herrings:

• Russia has the most infections, followed closely by Saudi Arabia.
• Mexico is a distant third, but shares with those first two that it is an oil-exporting country.
• Then again, perhaps Russia is first because it's local - Symantec calls it an "espionage tool" and internal surveillance might be important.
• China isn't on the affected countries at all, and neither is the United States.
• References to Stuxnet, which is rumored to have been created by either the United States or Israel.

Although independent operators shouldn't be discounted: just because they are a group of hackers doesn't mean they don't have significant resources backing them.Then again, some significant resources may be backing them because these activities are helpful to their supporters.