Regin's complex nature suggests a nation state is behind the cyberespionage tool's development, Symantec reports. An advanced piece of malware has been uncovered, which has been in use as far back as 2008 to spy on governments, companies and individuals, Symantec said.
The Regin cyberespionage tool uses several stealth features to avoid detection that required a significant investment of time and resources, suggesting it's the product of a nation state, the antivirus software maker warned, without suggesting which country was behind it.
The malware's design makes it highly suited for long-term mass surveillance, the company said. "Regin's developers put considerable effort into making it highly inconspicuous. Its low-key nature means it can potentially be used in espionage campaigns lasting several years," the company said in a statement. "Even when its presence is detected, it is very difficult to ascertain what it is doing."
Some of Regin's main targets include Internet service providers and telecommunications companies, where it appears the complex software is used to monitor calls and communications routed through the companies' infrastructure. Other targets include companies in the airline, energy, hospitality and research sectors, Symantec said.
The malware's targets are geographically diverse, Symantec said, observing more than half of the infections in Russia and Saudi Arabia. Among the other countries targeted are Ireland, Mexico, and India.

Regin is composed of five attack stages that are hidden and encrypted, with the exception of the first stage, which begins a domino chain of decrypting and executing the next stage. Each individual stage contains little information about the malware's overall structure, so all five stages had to be acquired before the threat posed by the malware could be analyzed.
Cyberespionage is a sensitive subject, often straining diplomatic relations between countries. The US and China have tussled for years over accusations of electronic spying. The US has accused China's government and military of engaging in widespread cyberespionage targeting US government and business computer networks. China has denied the charges and accused the US of similar behavior targeting its own infrastructure.