Digital security company Symantec Corp has revealed that it discovered an advanced malicious software app that has spied on private companies, governments, research institutes and individuals in ten countries for the last 6 years.

According to the California-based antivirus software maker, a “nation state” was likely the developer of the malware, Regin. However, the security experts didn’t identify any countries or victims. It is only known that Regin’s design “makes it suitable for the long-term surveillance operations”. While the program was withdrawn in 2011, it resurfaced two years later.

The surveillance app uses a number of stealth features. The security specialists explained that even when its presence is detected, you can hardly ascertain what it is doing. Moreover, most of the components of Regin are still undiscovered, and there may be additional functionality and versions out there.

It was discovered that about 50% of all the infections occurred at the addresses of ISPs. The malware targeted the customers of companies rather than the companies themselves. Over ¼ of them were in telecoms; the others were in the energy, airline, hospitality and research sectors.

The antivirus software maker reported that the software had 5 layers, each hidden and encrypted, and each individual stage provided almost no information on the complete package. The threat could be understood only by acquiring all 5 stages. Symantec said that Regin used a modular approach that let it load custom features tailored to targets. This method was also applied in other malware, including Flamer and Weevil (the Mask). Moreover, some of Regin’s features were similar to the Duqu malware, which was detected 3 years ago and is related to the computer worm Stuxnet, detected the previous year.

As you can understand, cybersecurity is a very sensitive topic for businesses in the US, where there have been numerous breaches of major corporations and customer data. The US government and private cyber-intelligence companies have claimed they suspect state-backed hackers in China or Russia. However, Russia and Saudi Arabia themselves made up about 50% of the confirmed infections of the Regin malware. Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan also suffered from the malicious app.