Other computer security companies have been less direct about Regin's creator. Symantec maintained that it believed Regin was of such clever engineering that it must have been developed by a nation-state, but it stopped short of naming one.
In a statement on Monday, Symantec said it has not found any identifiers in Regin's code that indicate its origin and that "we do not have sufficient evidence to attribute it to any particular state or agency."
The Finnish computer security company F-Secure saw an early version of Regin in 2009 and also shied away from naming a country.
F-Secure found Regin on a server run by one of its customers in northern Europe. The server was occasionally crashing and showing the Blue Screen of Death, Tikkanen wrote. The cause was a driver that turned out to be a rootkit and an early Regin variant.
Mikko Hypponen, F-Secure's chief research officer, wrote on Twitter that F-Secure added detection for Regin, but didn't write about it publicly due to customer confidentiality concerns.
Hypponen maintained that F-Secure added detection for Regin in its products and that "no customer (and no government) has ever asked us not to add detection on some specific malware."
Microsoft also picked up on Regin, adding an entry for a variant into its database of malware on March 9, 2011. The entry, however, contains no technical data.
Sign up for CIO Asia eNewsletters.