Regin cyberspying threat

November 24, 2014

Cybersecurity researchers have said a highly sophisticated piece of malware called Regin has been around for years in a large-scale spying campaign. Businesses were among the attackers' targets.

https://p.dw.com/p/1Ds2u

Cybersecurity firm Symantec said Monday that a powerful and highly complex piece of malware has been stealing secrets from governments, businesses and others, mostly in Russia and Saudi Arabia, since 2008.

The malware, known as Regin, was spotted "in systematic spying campaigns against a range of international targets," including public utilities, businesses and private individuals.

Without attributing it to any specific source, Symantec said the nature of the program indicated that some government was behind it.

Regin "would have required a significant investment of time and resources, indicating that a nation state is responsible," Symantec said in a blog post on its website.

Researchers also said the malware resembled the Stuxnet worm allegedly used by the United States and Israel to spy on Iran's nuclear program.

The largest share of infections, 28 percent, was discovered in Russia, followed by 24 percent in Saudi Arabia. Other attacks were registered in Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. No infections were registered in the US, and China was not mentioned anywhere.

Computer infections occurred between 2008 and 2011, after which the highly sophisticated tool disappeared before a new version surfaced in 2013.

All hidden and encrypted

"It's likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks," Symantec said.

Researchers said airlines, utilities, hotel chains and telecom companies had been among the businesses targeted by the malware, which they said was able to steal passwords, monitor traffic and recover deleted files.

Symantec said it took so long to discover Regin because it posed "a multi-staged threat."

The company explained that each individual hidden stage provided little information on the whole package, adding that only by acquiring all five stages had it been possible to analyze and understand Regin.

hg/cjc (AFP, dpa)