CHINA TOPIX

03/29/2024 03:06:14 am


Sophisticated REGIN Spying Malware Instigated By U.S.?


Cyber-security firm Symantec Corp. has discovered a sophisticated malware called "Regin" that acts as a stealth data collection and surveillance tool, likely to have been developed by a technologically-advanced "nation state."

The report, published on Sunday, comes from the same Symantec team that aided the discovery of the computer worm Stuxnet in 2010. Dubbed by Wired.com as the world's first digital weapon, Stuxnet is believed to have been created by the United States in collaboration with Israel aimed at sabotaging Iran's nuclear program.


Symantec analysts have declined to speculate on the malware's origins, saying only that the best clues lie in where the infections have cropped up and where they have not.

Over 50 percent of the infections - which breached government and business organizations, researchers, and private individuals - were detected in Russia and Saudi Arabia. The rest were spread across Mexico, Ireland, Afghanistan, Austria, Belgium, India, Iran and Pakistan.

No infections have so far been detected in the U.S.

Regin is a highly complex piece of malware that demonstrates a rare level of technical competence; its broad range of capabilities grants its controller a "powerful framework for mass surveillance," according to the report.

Symantec researcher Liam O'Murchu suggested the technology was from a highly-advanced government, noting Regin's extensive spying initiatives that date back to 2008, possibly even as early as 2006.

The earliest Regin spying operations were detected in 2008. The activity appeared to stop in 2011 but resumed two years later, in 2013, the report detailed.

Given the list of infected countries, widespread speculation attributes Regin to the U.S. National Security Agency or the Central Intelligence Agency, possibly in collaboration with Israel. However, observers are also quick to point to China as a viable candidate.

The malware appears to target Microsoft Windows systems. It operates in five stages, of which only the first is readily detectable; each subsequent stage is decrypted and executed in turn, much like Stuxnet.

Almost half of the infections were found at Internet Service Providers, or rather at their customers, including telecommunication, hospitality, energy, airline and research companies.

An isolated incident in which the malware spread through Yahoo Instant Messenger was also found. Symantec posits that the victims had been tricked by phishing.

O'Murchu says pieces of Regin are still undiscovered and in circulation. He hopes its recent discovery and the publication of Symantec's findings will drive further research on the malware.
