Regin malware used in attacks since 2008, Symantec research finds

Newly-discovered complex malware could be state-sponsored, researchers claim


Symantec fears the Regin malware it's uncovered could have been created by an overseas government for the purpose of carrying out state-sponsored attacks against infrastructure providers and large enterprises.

The Regin malware has been picked up attacking firms across the globe and is described as one of the most sophisticated examples of malicious software ever seen.


At present, the majority of attacks are said to have taken place in Russia, Saudi Arabia and Mexico against telecommunications, energy and health companies, with Symantec describing the malware in a blog post as a backdoor-type Trojan with "a degree of technical competence rarely seen".

It added that Regin has been used against a range of international targets since 2008, and can be used to spy on governments, infrastructure providers, businesses, research teams and individuals.

"It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber-espionage tools used by a nation state," the firm said.

Symantec did not name the likely geographical source of the attacks, but the victim nations suggest the source could be a Western country with sufficient development resources.


Around half the total attacks were aimed at Russian and Saudi firms at 28 per cent and 24 per cent, respectively. Mexico and Ireland accounted for nine per cent each.

"Its design makes it highly suited for persistent, long term surveillance operations against targets," the researchers said.

In 2011 early versions of the malware were abruptly removed before it reappeared in a new form in 2013. This indicates an adversary had detected the software or was beginning analysis, causing its effectiveness to be reduced.

Symantec said "many components of Regin remain undiscovered and additional functionality and versions may exist." The firm said its investigations will continue and that it will provide updates as discoveries about the malware are made.
