Published: November 25, 2014 1:58 AM UTC

Possible State-Sponsored Malware, Regin, Has Secretly Spied on Computers for Years

Security researchers have just discovered “one of the most advanced pieces of malware ever created.” Symantec researchers recently published their findings on a Trojan they named “Regin.” Regin has been in use since at least 2008 and has only now been discovered. Researchers state the tool is “a complex piece of malware whose structure displays a degree of technical competence rarely seen.

It’s been cleverly designed to spy on computer systems around the world while leaving hardly a trace behind. The software’s authors have gone to great lengths to cover its tracks.” Regin uses multiple layers of encryption to hide spying activities. When researchers at Symantec found the malware, they had to decrypt an entire sample package of files to even get a general idea of what the malware was up to.

State-Sponsored Malware Development?

The malware has primarily been found on computers located in Russia and Saudi Arabia, though a smaller presence of Regin has been found in Mexico, Ireland, Afghanistan, Iran, Belgium, Austria, and Pakistan. Most infections have targeted internet providers and telecom companies for stealing

Symantec researchers believe Regin is likely the primary means of cyber espionage for the government that developed it. The Regin software itself is highly versatile, allowing different packages to be built into the payload that infects computers. The standard tools that Regin can add are: remotely controlling the mouse and keyboard, taking screenshots, recording keystrokes and network activity, and recovering deleted files. Symantec researchers have noted that infiltrators could apply much more specialized customizations to Regin for the task of monitoring energy utility or telecom systems. Custom payloads for Regin are another sign of state-sponsored development. Regin’s campaign may date back as early as 2006. Given the malware’s highly complex and stealthy nature, researchers are almost certain that it was developed by a government.

This malware is designed for long-term espionage and is extremely difficult, if not impossible, for a standard computer user to detect. The fact that security experts have only now discovered it is a testament to the stealthy and sophisticated design of the software.

What do you think about the Regin malware? Comment below!

Images via Shutterstock and Symantec.

Last modified: February 13, 2020 6:52 PM UTC

Drew Cordell (@DrewjCordell)

Drew is an undergraduate student at the University of Texas at Dallas, majoring in Business. He is an active member of the Cryptocurrency community, and enjoys collecting, trading, and writing about various coins. Outside of the digital currency world, Drew tends to spend his time with friends, playing video games, or studying.
