The popular cyber security expert Raoul Chiesa commented the hypothesis that backdoor Regin is a product of organized cybercrime. Regin also implements a credential stealing functionality that allowed attackers to syphon login credentials for social networks, and this can be part of Intelligence information gathering, but also for online banking services. In my experience probably only the RBN (Russian Business Network) was able to support a huge investment in research and resources, like the one behind Regin. In this sense, I can agree with those experts that consider Regin as the product of the Intelligence instead the cybercrime. The RBN was a really complex organization, with significant resources and significant security resources.”]
Source: https://securityaffairs.co/wordpress/30647/intelligence/regin-backdoor-cybercrime.html