Mysterious malware performs 'stealthy surveillance'
A highly sophisticated piece of malware began quietly spying on governments and businesses in 2008, according to security specialist Symantec, which warns that the complex code was likely the handiwork of a nation state.
In a note released on Sunday, Symantec Security Response described the Regin malware as a “top-tier espionage tool,” which enables “stealthy surveillance.”
Regin is what is known as a backdoor Trojan, which lets an attacker gain access, or send commands to, a compromised computer. Like the mysterious Stuxnet worm which crippled Iran’s nuclear production in 2010, Regin loads onto a targeted computer in stages – it can also be customized to specific targets.
“Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state,” explained Symantec. The malware, it added “has been used in systematic data collection or intelligence gathering campaigns.”
While fear of a cyber attack on critical U.S. infrastructure is high at the moment, Regin appears to be a bigger worry for foreign powers. The Russian Federation accounts for 28% of Regin “infections,” according to Symantec, closely followed by Saudi Arabia. Other countries experiencing Regin infections include Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.
Roger Kay, president of Wayland, Mass.-based research firm Endpoint Technologies, told FoxNews.com that, even given the current tensions between America and Russia, it’s hard to say which state or group created the malware.
“The mix of targets doesn’t make it particularly obvious who is motivated to attack them,” he said, noting that the list includes some regional financial centers. “Austria is a 'quiet' financial hub – folks who have wanted a lower profile than opening a Swiss account, have opened an Austrian account,” he said.
Symantec, which began looking into Regin in the fall of 2013, noted that the first infections were between 2008 and 2011, at which point it was abruptly withdrawn. The malware resurfaced again in 2013.
“It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks,” Symantec wrote. “Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals”
Other experts have also acknowledged the malware’s potency.
“Regin is the cyber equivalent of a specialist covert reconnaissance team,” said Pedro Bustamante, director of special projects at anti-malware specialist Malwarebytes, in a statement emailed to FoxNews.com. “The analysis shows it to be highly adaptable, changing its method of attack depending on the target.”
The Regin revelations come at a time of heightened concern about cyber espionage. Last week, for example, National Security Agency director Admiral Michael Rogers warned that China, along with “one or two” other countries had the capability to successfully launch a cyberattack against the U.S. power grid.
Rogers’ comments follow a number of high-profile cyber security incidents. In August the U.S. government revealed that the Nuclear Regulatory Commission, which oversees the safety of U.S. nuclear reactors, had fallen victim to overseas hackers three times in the past three years.
This came hot on the heels of news that U.S. Investigation Services (USIS), the main provider of background checks to the U.S. government, had been targeted in an attack possibly launched by a foreign power.
Follow James Rogers on Twitter @jamesjrogers