The latest malware to be uncovered by security experts, dubbed Regin, was likely spawned in the labs of a western intelligence agency. What is known so far is that it has been used to spy on governments and companies since 2008, but its exact purpose remains unknown, as do its operators.

It turned out that none of the identified victims are companies or governments in the US, UK, Australia, Canada or New Zealand. Instead, most victims are based in Russia and Saudi Arabia, at 28% and 24% respectively. Ireland was third in the number of targets, with 9% of all detected infections.

This is what makes the security researchers think Regin is not coming from the usual suspects (Russia or China). Not many countries are capable of creating such complex malware. They admit that if China and Russia have nothing to do with it, the most likely candidates are the US, UK or Israel. One interesting detail is that the Regin malware’s command and control communications include some English language, including repeated use of the word “shit” in data validation commands. This can’t be taken as strong evidence, of course.

One of the victims of the malware was Belgian cryptographer Jean Jacques Quisquater, who discovered that he’d been targeted during an investigation into an alleged GCHQ attack on the Belgian ISP Belgacom. A “mind-blowing” attack was also discovered against an unnamed country in the Middle East. In this case, all the victims communicated with each other through a P2P network, including the president’s office, a research center, an educational institution’s network and a bank.

The purpose of the malware remains unknown. The security experts claim that Regin is not after intellectual property, and it wasn’t designed to cause destruction. Instead, it simply watches over just a few targets: indeed, only around a hundred infections have been uncovered across the globe since it emerged 6 years ago. It should also be noted that the target list includes government bodies, as well as small businesses, academics and even individuals. As for their area of activity, the malware creators were especially interested in the telecoms industry, perhaps because that’s where everyone’s traffic passes through.

So how were the victims attacked? It looks like the attackers were using the usual methods that everyone should be aware of: tricking users into visiting spoofed versions of legitimate websites, or installing the threat via an Internet browser or by exploiting an app.

Although the creators of Regin remain unknown, the security experts recognize that they had access to considerable coding and cryptographic talent, comparing Regin to Stuxnet and Flame, the infamous pieces of malware.

Regin seems to have been hard to discover over the years, but Microsoft did pick up on it three years ago. Nevertheless, the malware resurfaced last year. Ordinary users have nothing to worry about here, as Regin appears to be part of a targeted operation, not blanket surveillance.