When cybersecurity firm Symantec uncovered the sophisticated malware Regin over the weekend, its analysts reported that it was most likely created by a national intelligence agency. Now, new reports suggest that the malware was a tool of the U.S. National Security Administration and British intelligence.

See also: Meet Regin, Government-Created Spyware That’s Been Active Since 2008

Based upon a combination of technical sources and its own technical analysis, a report in the Intercept concludes that a previously disclosed U.S. and U.K. attack on the European Union and a Belgian telecommunications company employed the Regin malware.

Sources close to the matter told the Intercept that the advanced malware had been found on the computers of Belgian phone and Internet provider Belgacom, which were known targets of the British surveillance agency GCHQ (for Government Communciations Headquarters). The news site’s sources said they also found the same malware on European Union computer systems targeted by the NSA.

Belgium and the European Union have known about the attacks since last year thanks to NSA whistleblower Edward Snowden. However, they have never been able to determine the specific software that was used to carry out the attacks. It remains unclear if Regin is the culprit, but the Intercept’s evidence suggests that it was possible the NSA and GCHQ could have been using the spyware.

See also: The Real Lesson From Recent Cyberattacks—Let’s Break Up The NSA

Ronald Prins, the security expert who was part of a team to remove the software from Belgacom’s computer system, said it was “the most sophisticated malware” he’d ever studied, and that he was certain a government was behind its construction.

“Having analyzed this malware and looked at the [previously published] Snowden documents,” Prins told the Intercept, “I’m convinced Regin is used by British and American intelligence services.”

Photo by Jonathan McIntosh