Breaking News Technology

Regin Malware Has Been Spying on Governments, Businesses for Past Six Years

Image courtesy of (renjith krishnan) /

A sophisticated malicious software application has been in use since 2008 to spy on governments, businesses, research institutes and individuals in 10 different countries, Symantec security researchers have discovered.

Known as Regin, the malware is customizable and complex, showing “a degree of technical competence rarely seen,” Symantec said in a blog post, adding that its make-up makes it ideal for long-term mass surveillance.

Screen Shot 2014-11-23 at 10.28.14 PMMore than 50 percent of infections have occurred in Russia and Saudi Arabia. But Ireland, Mexico, India, Afghanistan, Iran, Pakistan, Belgium and Austria have also been targeted on a smaller scale.

Regin uses several stealth features — including anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5 — to avoid detection.

Due to the complexity of the software, Symantec believes it to be the product of a nation state, although the firm did not suggest which country may be behind it.

“Regin’s developers put considerable effort into making it highly inconspicuous,” Symantec said. “Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing.”

Regin has the ability to capture screenshots, take control of a mouse’s point-and-click functions, steal passwords, monitor network traffic and recover deleted files.

The malware has routinely targeted Internet service providers and telecommunications companies with the express purpose of monitoring calls and communications that go through the companies’ infrastructure, Symantec said. Other companies targeted are in the airline, energy, hospitality and research sectors.

“The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering,” the firm said.  “Symantec believes that many components of Regin remain undiscovered and additional functionality and versions may exist.”

About the author


Jennifer Cowan

Jennifer Cowan is the Managing Editor for SiteProNews.

1 Comment

Click here to post a comment