Possible State-Sponsored Malware, Regin, Has Secretly Spied on Computers for Years

Drew Cordell (@DrewjCordell)
November 25, 2014

Security researchers have just discovered “one of the most advanced pieces of malware ever created.” Symantec researchers recently published their findings on a Trojan they named “Regin.” Regin has been in use since at least 2008 and has only now been discovered. Researchers state the tool is “a complex piece of malware whose structure displays a degree of technical competence rarely seen.

It’s been cleverly designed to spy on computer systems around the world while leaving hardly a trace behind. The software’s authors have gone to great lengths to cover its tracks.” Regin uses multiple layers of encryption to hide spying activities. When researchers at Symantec found the malware, they had to decrypt an entire sample package of files to even get a general idea of what the malware was up to.


State-Sponsored Malware Development?

The malware has been found primarily on computers located in Russia and Saudi Arabia, though a smaller presence of Regin has been found in Mexico, Ireland, Afghanistan, Iran, Belgium, Austria, and Pakistan. Most infections have targeted internet providers and telecom companies in order to steal sensitive data about the users of those services. Regin is not designed to steal credit card numbers; the complexity and stealthy nature of the software has allowed it to spy on users and steal information for over six years. According to Symantec, the sophistication of the software gives researchers evidence that Regin is almost certainly state-sponsored. The US, Israel, and China are believed to be among the nations with the funding and expertise to develop such a complex malware attack.

Symantec researchers believe Regin is likely the primary means of cyber espionage for the government that developed it. The Regin software itself is highly versatile, allowing different packages to be built into the payload that infects computers. The standard capabilities Regin can add include remote control of the mouse and keyboard, taking screenshots, recording keystrokes and network activity, and recovering deleted files. Symantec researchers have noted that infiltrators could apply much more specialized customizations to Regin for the task of monitoring energy utility or telecom systems. Custom payloads for Regin are another sign of state-sponsored development. Regin’s campaign can date back as early as 2006. Given the highly complex and stealthy nature of the malware, researchers are almost certain that it was developed by a government.

This malware is designed for long-term espionage and is extremely difficult, if not impossible, for a standard computer user to detect. The fact that security experts have only now discovered it is a testament to the stealthy and sophisticated design of the software.

What do you think about the Regin malware? Comment below!

Images via Shutterstock and Symantec.

Last modified (UTC): November 25, 2014 02:00

Tags: malware

Drew is an undergraduate student at the University of Texas at Dallas, majoring in Business. He is an active member of the Cryptocurrency community, and enjoys collecting, trading, and writing about various coins. Outside of the digital currency world, Drew tends to spend his time with friends, playing video games, or studying.