Duqu 2 malware uncovered
A sophisticated piece of malware which has been compared in complexity to Stuxnet or Duqu, Regin has targeted victims in Russia, Saudi Arabia, Ireland and Mexico. IB Times

A sophisticated piece of malware called Regin could be more dangerous than either Stuxnet or Duqu and has been targeting victims in Russian, Saudi Arabia, Ireland and Mexico for the last six years.

Discovered by security firm Symantec, Regin has been used to spy on government organisations, businesses and private individuals and is likely the work of a nation state.

Regin is a backdoor-type Trojan with "a degree of technical competence rarely seen," Symantec said in a blog post.

"Customisable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organisations, infrastructure operators, businesses, researchers, and private individuals," it added.

Regin Malware Infection Location
Symantec

Over half of all victims are located in Russia and Saudi Arabia with Ireland and Mexico next on the list with 9% of infections each. Other targets include systems in India, Iran, Pakistan, Afghanistan, Belgium and Austria.

It is unclear who is behind the attack, but Symantec noted that the bug's capabilities and the level of resources behind it suggest that it is one of the main cyber espionage tools used by a nation state. Its development took months if not years, according to the firm.

Regin infections have been found in a variety of organisations between 2008 and 2011, after which it was abruptly withdrawn. A new version of the malware became active from 2013 onwards.

Screenshots

Its standard capabilities include several Remote Access Trojan features, such as capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.

Symantec's researchers believe many components of Regin remain undiscovered and additional functionality and versions may exist.

Targets of the super bug include private companies, government entities and research institutes. Almost half of all infections targeted private individuals and small businesses, followed by telecom companies, where it was used to gain access to calls being routed through their infrastructure.

Other sectors hit by the malware are research, airline, energy and hospitality.

Fingerprints

"The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long term surveillance operations against targets," Symantec said.

"The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering."

Stephen Bonner, who works in KPMG's cyber security division says: "Another day, another cyber espionage tool. The Regin malware seems to carry the fingerprints of a sophisticated cyber espionage operation, possibly by a nation state.

"Over time we are discovering more and more about the scale of these operations, as well as the growing variety of corporate information which seems to be targeted for espionage – in this case including hospitality and airline targets, as well as telecommunication backbones. Firms need to think carefully about the how they protect their most sensitive information – their crown jewels– as well as being vigilant in detecting and being ready to respond to sophisticated attacks."