Symantec has discovered a sophisticated malware called Regin that may have infected computers and networks since 2008. More than half of the affected firms and individuals located in Russia and Saudi Arabia.

The malware is capable of monitoring passwords and stealing data, taking screenshots of infected computers and tracking network traffic and email from Exchange databases, according to CNET.

Regin could have been in use since 2008 and its stealth design suggests that a nation state may be behind it, although Symantec did not name country in its report, released Sunday. “Its low key nature means it can potentially be used in espionage campaigns lasting several years,” Symantec said.

Symantec said that it may not have uncovered all of Regin’s capabilities and that it may exist in different versions and applications.

Regin was discovered affecting computers and networks across a range of industries, from Internet service providers and telecommunications firm to airlines, energy and hospitality and research firms. In addition to Russia and Saudi Arabia, other countries targeted include Ireland, Mexico and India.

Symantec likened Regin, which infects computers in a complex, multi-stage process, to Stuxnet, a virus discovered infecting a nuclear enrichment facility in Iran in 2010, and a similar virus called Duqu.

CNET calls cyberespionage is “a sensitive subject, often straining diplomatic relations between countries.” The website points the U.S. and China have accused each other of electronic spying over the years.