Cybercriminals targeting European corporations and governments managed to stay undetected since 2002 – until one security company found them.