Mysterious malware performs 'stealthy surveillance'


A highly sophisticated piece of malware began quietly spying on governments and businesses in 2008, according to security specialist Symantec, which warns that the complex code was likely the handiwork of a nation state.

In a note released on Sunday, Symantec Security Response described the Regin malware as a "top-tier espionage tool," which enables "stealthy surveillance."

Regin is what is known as a backdoor Trojan, which lets an attacker gain access to, or send commands to, a compromised computer. Like the mysterious Stuxnet worm, which crippled Iran's nuclear production in 2010, Regin loads onto a targeted computer in stages; it can also be customized to specific targets.

"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," explained Symantec. The malware, it added, "has been used in systematic data collection or intelligence gathering campaigns."

While fear of a cyber attack on critical U.S. infrastructure is high at the moment, Regin appears to be a bigger worry for foreign powers. The Russian Federation accounts for 28% of Regin "infections," according to Symantec, closely followed by Saudi Arabia. Other countries experiencing Regin infections include Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.

Symantec, which began looking into Regin in the fall of 2013, noted that the first infections occurred between 2008 and 2011, at which point the malware was abruptly withdrawn. It resurfaced in 2013.

"Regin is the cyber equivalent of a specialist covert reconnaissance team," said Pedro Bustamante, director of special projects at anti-malware specialist Malwarebytes. "The analysis shows it to be highly adaptable, changing its method of attack depending on the target."

Symantec said the malware conceals itself well and has several levels of protection. It uses multiple types of encryption, for example, and can communicate with the attacker who deployed it in several different ways.

It also uses a "modular" structure that conceals deeper layers of the malware and makes it "very difficult to ascertain what it is doing," researchers said.
