A sophisticated cyber espionage tool has been stealing information from governments and businesses since 2008, and one report has linked it to US and British intelligence services.

The security firm Symantec identified the malware, known as Regin, and said it was used "in systematic spying campaigns against a range of international targets", including governments, businesses, researchers and private individuals.

The news website The Intercept reported later on Monday that the malware appeared to be linked to US and British intelligence, and that it was used in attacks on EU government networks and Belgium's telecom network.

The report, citing industry sources and a technical analysis of the malware, said Regin appears to be referenced in documents leaked by former National Security Agency contractor Edward Snowden about broad surveillance programs.

Asked about the report, an NSA spokeswoman said: "We are not going to comment on speculation."

Symantec's report said the malware shares some characteristics with the Stuxnet worm - a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran's nuclear program.

Because of its complexity, the Symantec researchers said in a blog post that the malware "would have required a significant investment of time and resources, indicating that a nation state is responsible".

The researchers added that "it is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks."

"Regin's developers put considerable effort into making it highly inconspicuous," Symantec said.

"Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyse the payloads after it decrypted sample files."