
Symantec exposes complex cyber-spying program

Regin has been stealing data from energy companies, airlines, ISPs, and individuals since at least 2008

Regin Malware

Internet security giant Symantec is calling Regin, a sophisticated piece of malware used to steal data worldwide, one of the most complex and stealthy cyberespionage programs ever created. According to Symantec, the “capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.”

So far, Regin is known to have been used for data collection and for constant monitoring of targeted individuals and organizations. It has been used to spy on governments, researchers, academics, businesses, infrastructure operators and private individuals.

Symantec estimates that Regin likely took years to develop, given the degree of technical competence the program demonstrates. As one might expect, the program’s authors have carefully and systematically built in measures to cover their tracks.

A backdoor-type Trojan, Regin is a multi-staged threat in which each stage is hidden and encrypted. It is also a modular threat, with a number of components that depend upon one another to perform attack operations. Regin can also incorporate unique features customized for individual targets.

According to a recently released Symantec white paper on the threat, Regin “is built on a framework that is designed to sustain long-term intelligence-gathering operations by remaining under the radar. It goes to extraordinary lengths to conceal itself and its activities on compromised computers. Its stealth combines many of the most advanced techniques that we have ever seen in use.”

Regin’s capabilities include remote access Trojan features, such as controlling a mouse’s point-and-click functions, stealing passwords, gathering information on processes and memory utilization, scanning deleted files, taking screenshots, and monitoring network traffic.

Symantec first began tracking the Regin threat in the fall of 2013. It found that multiple versions of Regin existed, targeting corporations, institutions, academics, and individuals. At this time, approximately 100 Regin infections have been identified, but that number is expected to grow. In fact, Symantec has stated on its website that it believes “many components of Regin remain undiscovered and additional functionality and versions may exist.”

Via BBC News
