An unusually sophisticated malware called “Regin” has
attacked internet and telecommunications companies in 14 countries since 2008,
Symantec and Kaspersky Labs said in separate reports.
Symantec believes Regin was likely created for cyber
espionage purposes by a nation state, although it didn't suggest which
government was responsible for it.
“Regin is a complex piece of malware whose structure displays
a degree of technical competence rarely seen,” Symantec wrote in a report
published on Sunday. “Its capabilities and the level of resources behind Regin
indicate that it is one of the main cyberespionage tools used by a nation
state.”
Symantec says Regin was first detected in 2008, but
disappeared three years later, only to resurface in 2013. Regin has attacked
all kinds of businesses, including telecoms, hospitality, and airlines, but
nearly half of the attacks targeted private individuals and small businesses. Russia and
Saudi Arabia were the two hardest-hit countries, accounting for 28% and
24% of the attacks, respectively, but it’s also been spotted in Mexico, Ireland,
and India.
In a follow-up report on Monday, another IT security lab,
Kaspersky Labs, said it’s been tracking Regin for the past two years. It said
the victims of Regin were mostly telecom operators, government
institutions, multinational political bodies, or financial/research
institutions. It says the two main objectives of the attacks were “intelligence
gathering” and “facilitating other types of attacks,” with 14 countries being
identified as victims of Regin so far. Like Symantec, Kaspersky concluded that it’s
likely Regin is “supported by a nation-state.”
Although none of the reports named which nation-state is
likely responsible for Regin, Re/code pointed to a couple of reports (by The
Intercept and the German magazine Der Spiegel) as hinting that the NSA and the
UK’s intelligence agency GCHQ may have a hand in it.
The Wall Street Journal also reported that the malware
appears to be the tool used by GCHQ in an attack on a telecom company in
Belgium which delivered lots of traffic between Asia, Africa, and the Middle
East — areas of interest for western governments. The leak was exposed when
emails provided by Edward Snowden showed spies at British intelligence agencies
boasting about breaking into the telecom.