The suspected involvement of a Spanish-speaking nation is unusual as the most sophisticated cyberspying operations uncovered so far have been linked to the United States, China, Russia and Israel.

Kaspersky Lab's researchers only came across the operation because it had infected Kaspersky's own software.

"There are many super-advanced groups that we don't know about. This is the tip of the iceberg," Costin Raiu, director of Kaspersky's global research team, said.

Raiu said The Mask hit government institutions, oil and gas companies and activists, using malware that was designed to steal documents and other sensitive files, as well as take full control of infected computers.

The operation infected computers running Microsoft Windows and Apple's Mac software, and probably mobile devices running Apple's iOS and Google's Android software, according to Kaspersky Lab.

The companies did not respond to requests for comment.

Kaspersky Lab said it worked with Apple and other companies last week to shut down some of the websites that were controlling the spying operation.

It named the operation The Mask for the translation of the Spanish word "Careto", which appears in the malware code.

Among other things, The Mask hackers took advantage of a known flaw in Adobe's ubiquitous Flash software that permitted attackers to get from Google's Chrome web browser into the rest of a target's computer, Raiu said. Adobe fixed the flaw in 2012, he said.

Raiu said The Mask attackers may have been aided by a booming grey market for undisclosed software flaws and the tools for exploiting them, known as "zero-day" exploits because the makers of affected software have no notice of the danger. Buyers of zero-days often leave the software vulnerabilities unfixed in order to deploy spy software.