Sophisticated ‘State-sponsored’ Regin Spy Tool Discovered

IT security specialist Symantec has uncovered a new piece of malware, reminiscent of Stuxnet and Duqu, which bears the hallmarks of a state-sponsored operation and is believed to have been in use since at least 2008.

Dubbed ‘Regin’ by Symantec, this backdoor-type Trojan is being used as an espionage and surveillance tool, operating with a level of sophistication rarely seen. Notably, most of its code is not visible on infected computers, and it goes to great lengths to hide the data it’s stealing.

Regin’s targets

Regin’s targets include government organisations, infrastructure operators, businesses, academics and private individuals.

A Symantec spokesperson described Regin as customisable with an extensive range of capabilities depending on the target. They added: “It provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

A Symantec blog post describing the Trojan read: “It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber espionage tools used by a nation state.

“Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage.  Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages.  Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyse and understand the threat.”

The Symantec spokesperson added: “The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering. Symantec believes that many components of Regin remain undiscovered and additional functionality and versions may exist.”

Additional analysis continues and Symantec will post any updates on future discoveries.

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago