UPDATED 06:15 EDT / NOVEMBER 24 2014

Symantec unearths sophisticated malware that’s been in the wild for at least 6 years

Researchers from the security firm Symantec Corp. have uncovered evidence of “highly advanced malware” in the wild. They believe the virus was developed by a nation state to spy on targets in various industries, including airlines, banking, energy, hospitality and research.

The malware has been given the name “Regin” and, according to Symantec, it displays “a degree of technical competence rarely seen.” It’s being compared to sophisticated malware like the Stuxnet worm that was used to attack Iran’s nuclear facilities, and which was also discovered by Symantec. Given the level of sophistication, researchers conclude it could only have been developed by a nation state with significant technological means at its disposal.

“It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks,” explains Symantec in a blog post. “Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.”

That also helps explain why it’s managed to stay under the radar since at least 2008, according to the researchers. Regin is said to operate like a back-door Trojan, giving attackers unhindered access to every system it manages to infiltrate. It is believed to have been used against businesses, governments, Internet service providers, private individuals, researchers and telecoms companies. It’s specific to computers running Microsoft Windows and operates in five stages, with the main route of infection being via spoofed websites, though Yahoo! Messenger was also used on at least one occasion. Symantec says Regin gives attackers “a powerful framework for mass surveillance,” and comes with the flexibility to customize packages embedded in the malware to suit each target.

Symantec lists ten countries as the main targets of the malware, with Saudi Arabia and Russia at the top. Other nations that have been targeted include Afghanistan, India, Iran and Mexico, as well as seemingly innocuous European nations like Belgium and Ireland.

[Figure: Regin infections by country. Image credit: Symantec]
The biggest unanswered question is who created Regin. Speaking to Re/Code, Symantec researcher Liam O’Murchu said he was sure it could only have been created by a technologically advanced country. The two obvious candidates, given their history, are China and the U.S., but several other countries also have the means to create sophisticated malware.

Researchers still have a lot to learn about Regin. To date, they’ve spotted around 100 infections, so it’s likely there are many more waiting to be discovered. Symantec also has yet to uncover the command and control system the attackers use to communicate with infected computers, and until they do so it’s unlikely they’ll be able to discover who is controlling it.

Main image credit: laurabillings via photopin cc
