Regin malware used in attacks since 2008, Symantec research finds
Newly-discovered complex malware could be state-sponsored, researchers claim
Symantec fears the Regin malware it's uncovered could have been created by an overseas government for the purpose of carrying out state-sponsored attacks against infrastructure providers and large enterprises.
The Regin malware has been picked up attacking firms across the globe and is described as one of the most sophisticated examples of malicious software ever seen.
At present, the majority of attacks are said to have taken place in Russia, Saudi Arabia and Mexico against telecommunications, energy and health companies, with Symantec describing the malware in a blog post as a backdoor-type Trojan with "a degree of technical competence rarely seen".
It added that Regin has been used against a range of international targets since 2008, and can be used to spy on governments, infrastructure providers, businesses, research teams and individuals.
"It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber-espionage tools used by a nation state," the firm said.
Symantec did not name the likely geographical source of the attacks, but the victim nations suggest the source could be a Western country with sufficient development resources.
Around half of the total attacks were aimed at Russian and Saudi firms, at 28 per cent and 24 per cent respectively. Mexico and Ireland accounted for nine per cent each.
"Its design makes it highly suited for persistent, long term surveillance operations against targets," the researchers said.
In 2011, early versions of the malware were abruptly removed before it reappeared in a new form in 2013. This indicates an adversary had detected the software or was beginning analysis, causing its effectiveness to be reduced.
Symantec said "many components of Regin remain undiscovered and additional functionality and versions may exist." The firm said its investigations will continue and that it will provide updates as discoveries about the malware are made.