In a report released on Sunday, Symantec announced that it had identified a particularly complex piece of malware that spies on governments, companies and individuals. The malware, which Symantec calls "Regin", has apparently been in use since 2008.
What makes this piece of malware so complex is that it evades detection through a set of stealth features. Those features suggest the tool required significant resources and time to develop, and on that basis the antivirus maker believes Regin is the product of a nation state. It did not, however, say which nation created it. According to the same statement from Symantec, the design of the malware makes it well suited to mass surveillance.
In the same statement, Symantec explained that Regin's developers had invested considerable effort into making it highly inconspicuous. It was built for long-term espionage, and even once an antivirus or antimalware product detects it, it remains very hard to ascertain exactly what the program is doing.
So far, infections have been identified in countries including Russia, Mexico, Ireland, Afghanistan, India, Belgium, Iran, Austria and Saudi Arabia.
Regin works like a back-door Trojan. Symantec's analysts explain that the malware is customizable and is fitted with a wide range of capabilities depending on its target. After the program first appeared in 2008, its creators abruptly withdrew it, only to produce a new version in 2012. Symantec adds that Regin infections initially affected private individuals and small businesses, but attacks on telecommunications companies followed later. Other targets have included the energy, airline, hospitality and research sectors, although monitoring calls and other communications appears to be one of the preferred areas of surveillance.
The malware consists of five separately encrypted stages that follow one another like falling dominoes: each stage decrypts and executes the next, so only the first stage is ever stored in the clear.
Symantec added that this multi-layer encrypted structure resembles Stuxnet, another sophisticated piece of malware, which was discovered in 2010 while it was attacking a nuclear facility.
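To make the staged design concrete, the following is an added toy model written for this article; it is not Regin's code or format, and nothing about Regin's real keys, layout or stage contents is known from this page. It simulates a five-stage chain in which only stage 1 is plaintext and each stage record carries the key and ciphertext for the stage after it (SHA-256 in counter mode serves as a placeholder stream cipher, the stage strings are constructed placeholders, and the record layout is an assumption). A `strings`-style static pass sees only stage 1, while a simulated "run" of each stage unwraps the whole chain, which is the analysis problem the article describes.

```python
"""Toy model of a multi-stage loader where each stage decrypts the next.

Added illustration for this article, not Regin's code. Record layout
(an assumption made here, not documented anywhere on the page):
  [4-byte len][stage code][32-byte key for next][4-byte len][ciphertext of next record]
The innermost record carries an all-zero key and an empty ciphertext.
"""
import hashlib
import os
import struct

KEY_LEN = 32

# Constructed placeholder "code" for each stage; real stages would be binaries.
STAGE_PAYLOADS = [
    b"stage1: minimal loader, the only plaintext component",
    b"stage2: loader that decrypts and starts stage 3",
    b"stage3: core framework that decrypts stage 4",
    b"stage4: orchestrator that decrypts stage 5",
    b"stage5: payload modules (MARKER-STAGE5)",
]


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_chain(payloads) -> bytes:
    """Build the on-disk artifact from the innermost stage outward.

    Each wrap encrypts the already-built inner record under a fresh key and
    stores that key beside the current stage, so a reader who has not run
    stage N cannot see stage N+1.
    """
    record = b""
    for code in reversed(payloads):
        if record:
            key = os.urandom(KEY_LEN)
            ct = xor(record, keystream(key, len(record)))
        else:
            key, ct = b"\0" * KEY_LEN, b""
        record = (struct.pack(">I", len(code)) + code + key
                  + struct.pack(">I", len(ct)) + ct)
    return record


def parse_record(record: bytes):
    """Split one record into (stage code, key for next, ciphertext of next)."""
    n = struct.unpack(">I", record[:4])[0]
    code = record[4:4 + n]
    key = record[4 + n:4 + n + KEY_LEN]
    off = 4 + n + KEY_LEN
    m = struct.unpack(">I", record[off:off + 4])[0]
    ct = record[off + 4:off + 4 + m]
    return code, key, ct


def unwrap_all(artifact: bytes):
    """Dynamic view: 'execute' each stage by decrypting the next one in turn."""
    stages = []
    record = artifact
    while True:
        code, key, ct = parse_record(record)
        stages.append(code)
        if not ct:
            return stages
        record = xor(ct, keystream(key, len(ct)))


def visible_strings(blob: bytes, min_len: int = 8):
    """Static view: printable ASCII runs, like the `strings` utility."""
    runs, cur = [], bytearray()
    for b in blob:
        if 32 <= b < 127:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(bytes(cur))
            cur = bytearray()
    if len(cur) >= min_len:
        runs.append(bytes(cur))
    return runs


if __name__ == "__main__":
    artifact = build_chain(STAGE_PAYLOADS)
    print("static view:", visible_strings(artifact))
    print("dynamic view:", unwrap_all(artifact))
```

The static pass over the artifact turns up the stage 1 text and otherwise only ciphertext; the stage 5 marker never appears on disk, and recovering it means running (or emulating) every earlier stage in order. That is why a detection on the outer loader alone tells an analyst little about what the later stages do, and why memory captures from an infected host are worth more than the file itself.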
Clearly, cyber espionage is a particularly sensitive subject, especially since it can strain diplomatic relations between the countries involved. The U.S. and China have already landed in a cyberattack firestorm, with China repeatedly denying attacks on U.S. companies while accusing the U.S. of attacks on its own infrastructure.