The attackers appear to have sought login credentials for GSM base stations, which are the first point of contact for a mobile device to route a call or request data. Stealing administrator credentials could have allowed Regin's masters to change settings on the base station or access certain call data.
Regin's other targets included the hospitality, airline and ISP industries, as well as government.
"We do not think [Regin] is a criminal type of enterprise," O'Murchu said. "It's more along the lines of espionage."
Sign up for CIO Asia eNewsletters.