Cybersecurity firm Symantec this week revealed the discovery of a new breed of malware, detected under the name “Backdoor.Regin,” that is aimed at gathering intelligence and stealing intellectual property.
“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless. What we have seen in Regin is just such a class of malware,” stated Symantec researchers.
The firm reported that Regin, a backdoor-type Trojan rather than a self-replicating virus, has multiple methods of stealing information and has been used against a variety of targets dating back to 2008. Targets have mainly included private individuals and small businesses (48 percent), telecommunications entities (28 percent), the hospitality industry (9 percent), and energy, airline and research ventures (5 percent each).
“The main purpose of Regin is intelligence gathering and it has been implicated in data collection operations against government organizations, infrastructure operators, businesses, academics, and private individuals. The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers many months or years to develop and maintain.”
Regin has not been detected in the U.S. as yet, but has been used against targets in Russia (28 percent of all instances), Saudi Arabia (24 percent), Mexico and Ireland (9 percent each), and Pakistan, Austria, Belgium, Iran, Afghanistan and India (5 percent each).

Symantec noted in both its report and in published accounts that Regin’s complexity makes it extremely difficult to detect: the malware is delivered in five separate stages, each of which is stored encrypted and only decrypted and loaded by the stage before it, so that no single file on disk reveals the full toolset. “Significant” time and money went into producing this malware, researchers explained, leading to speculation that it could have been created by a government intelligence agency for “persistent, long term surveillance operations.”

Symantec compared Regin in complexity and structure to the Stuxnet malware, discovered in 2010, which differed in purpose: Stuxnet was built to sabotage industrial control systems at critical infrastructure, whereas Regin is built for covert, long-term data collection.