You cant make this up.
From what I have seen this malware is also operating at the Firmware level on a variety of devices, well beyond the surveillance of any AV that only scans the files available through an OS, or the boot sectors for rootkits.
I suspect theres millions of systems out there infected and no one is any the wiser as it lies dormat ready for action.
If its not the work of any spooks, who will be watching all the traffic passing over their networks, albeit encrypted until they do a man in the middle attack on it, by rerouting your DNS lookups thanks to an old trick called Phorm which was first used to inject adverts into your web browsing experience, but can be used across all ports, just like a MITM can be done on your secure email systems.
So if its not the spooks, then its got to be a skunk works dept in one of the US tech giants who have secured their own networks from Govt, or a massive hacker collective.
Either way these people are resourced and intelligent.