'Regin' Malware 2014: Espionage Software Allegedly Linked to US, British Intelligence
The Regin malware -- the most sophisticated espionage software ever discovered by researchers -- is thought to be the work of U.S. and British intelligence agencies conducting worldwide cyber spying, reports The Intercept.
According to The Intercept, Regin was responsible for cyberattacks on the European Union and Belgacom, a Belgian telecommunications company.
Fox IT, a cybersecurity company, was hired to remove the malware from Belgacom's networks. Ronald Prins, a Fox IT security expert, told The Intercept, "Having analyzed this malware and looked at the [previously published] Snowden documents, I'm convinced Regin is used by British and American intelligence services."
The Regin malware's existence was reported by the computer security firm Symantec on Sunday. The malware has been secretly spying on computers since 2008, according to Symantec researchers who named the top-tier spy tool "Regin."
The researchers describe Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen." Symantec reports that by using layers of complex encryption to hide its spying activities, the tool was able to perform stealthy surveillance on computer systems worldwide without being noticed. When researchers discovered the malware on clients' machines, they had to decrypt many files to get a hint of what the malware was doing.
The Regin malware steals data from targeted computer systems while disguising itself as legitimate Microsoft software.
Most confirmed cases of Regin have been found on computer systems in Russia and Saudi Arabia, although the espionage tool has also been detected in India, Ireland, Pakistan, Iran, Afghanistan, Belgium, Austria and Mexico.
Nearly 75 percent of infections were at Internet providers and telecom companies, for the purpose of obtaining information from the business and individual clients that use their services, reports The Verge. Energy utilities, airlines, hospitality companies and research agencies were also targets.
Symantec states that, judging by the elaborate software and its verified targets, Regin is state-sponsored, which means it isn't intended to steal your credit card information. State-sponsored malware is used for spying. The computer security experts compare it to the Stuxnet worm they discovered in 2010 that was allegedly used to sabotage Iran's nuclear program.
The researchers do not know how the malware executes an attack. In one case, Regin exploited a Yahoo Messenger vulnerability. Computer security experts believe the software can use holes in applications or imitate popular websites to gain computer system access.