Regin: Symantec Researchers Uncover Sophisticated Spy Tool

Security researchers at antivirus company Symantec recently discovered malware that has been used to target and spy on researchers, governments, businesses and telecommunications infrastructures across as many as ten different countries. The malware, called Regin, has been traced back to 2008 and has been identified as a highly sophisticated spying tool built to access a computer’s most sensitive information, including secured files and documents, passwords and memory.

The New York Times reports, “the Regin malware is a part of a decade-long joint operation by the National Security Agency and its British counterpart, the Government Communications Headquarters,” a finding that was first mentioned in digital magazine The Intercept.

Of the countries targeted, NYT reports that Saudi Arabia, Russia, Pakistan, Afghanistan, India, Mexico, Ireland, Belgium and Austria were identified as primary victims.

“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless,” wrote Symantec. “What we have seen in Regin is just such a class of malware.”

The malware’s “capabilities vary from target to target,” notes NYT. “In one case, Symantec’s researcher found that Regin had been tweaked to sniff traffic sent to mobile telephone base station controllers. In another case, it had been customized to parse mail from Microsoft’s Exchange email databases.”

Symantec has detected numerous ways victims have come across the malware, including spoof websites with encoded downloads and the use of Yahoo Instant Messenger. As many as five different stages of attack have been observed.

“The discovery of Regin serves to highlight how significant investments continue to be made into the development of tools for use in intelligence gathering,” Symantec researchers added.