SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
24 Nov 2014

Stealth malware found spying on telecoms, energy sectors

Regin's complex nature suggests a nation state is behind the cyberespionage tool's development, Symantec reports.

An advanced piece of malware, in use as far back as 2008 to spy on governments, companies and individuals, has been uncovered, Symantec said.

The Regin cyberespionage tool uses several stealth features to avoid detection. Building them required a significant investment of time and resources, suggesting it's the product of a nation state, the antivirus software maker warned, without suggesting which country was behind it.

The malware's design makes it highly suited for long-term mass surveillance, the company said. "Regin's developers put considerable effort into making it highly inconspicuous. Its low key nature means it can potentially be used in espionage campaigns lasting several years," the company said in a statement. "Even when its presence is detected, it is very difficult to ascertain what it is doing."

Regin's highly customizable nature allows for a wide range of remote access Trojan capabilities, including password and data theft, hijacking the mouse's point-and-click functions, and capturing screenshots from infected computers. Other infections were identified monitoring network traffic and analyzing email from Exchange databases.

Some of Regin's main targets include Internet service providers and telecommunications companies, where it appears the complex software is used to monitor calls and communications routed through the companies' infrastructure. Other targets include companies in the airline, energy, hospitality and research sectors, Symantec said.

The malware's targets are geographically diverse, Symantec said, observing more than half of the infections in Russia and Saudi Arabia. Among the other countries targeted are Ireland, Mexico, and India.

Regin is composed of five attack stages that are hidden and encrypted, with the exception of the first stage, which begins a domino chain of decrypting and executing the next stage. Each individual stage contains little information about the malware's structure. All five stages had to be acquired to analyze the threat posed by the malware.

Symantec said the multi-stage architecture is reminiscent of Stuxnet, a sophisticated computer virus discovered attacking a nuclear enrichment facility in Iran in 2010, and Duqu, which has identical code to Stuxnet but which appeared designed for cyber espionage instead of sabotage. Symantec said it believes that many components of Regin remain undiscovered and that additional functionality and versions may exist.

Cyberespionage is a sensitive subject, often straining diplomatic relations between countries. The US and China have tussled for years over accusations of electronic spying. The US has accused China's government and military of engaging in widespread cyberespionage targeting US government and business computer networks. China has denied the charges and accused the US of similar behavior targeting its own infrastructure.

Tags: surveillance, Russia, Saudi Arabia, USA, Regin, Stuxnet
Source: CNet