Intelligence gathering 'Regin' spyware discovered by Symantec2014-11-24 10:11 by Daniela
Tags: Regin, trojan, malware
Security firm Symantec has discovered a new malware that has been in the wild since 2008. The trojan, called Regin is believed to be a primary cyberespionage tool of a nation state and has been used against governments, telecom companies, businesses, and private individuals.
According to Symantec the malware is well disguised and has several levels of protection. Regin causes a multi-stage attack, with each stage but the first encrypted, so none of them reveals information about the overall attack. This means that all five stages are necessary for a single attack to be revealed.
The first attacks that Symantec noticed were committed between 2008 and 2011 (Regin 1.0), and then the malware disappeared. In 2013, a second version of the trojan came up (Regin 2.0) with some significant differences: the new version is 64-bit, and may have lost a stage.
"Regin is a highly complex threat which has been used in systematic data collection or intelligence gathering campaigns. The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible," Symantec said. "Its design makes it highly suited for persistent, long-term surveillance operations against targets."
Researchers from Symantec suppose that "many components of Regin remain undiscovered and additional functionality and versions may exist." They will continue to research and will let the public know when additional discoveries about the malware are made.
Read more -here-