'Sophisticated' Regin malware outed after spying on governments, ISPs and businesses since 2008
A “sophisticated” Trojan virus called Regin has been spying on governments, teleco providers and businesses since 2008, according to cyber security firm Symantec.
The firm has claimed the vastly complex malware, which hijacks PCs remotely to steal passwords, monitor network traffic and recover deleted files, was the work of a nation state.
A Symantec statement said: “An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.
“It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber-espionage tools used by a nation state.”
Personal computers and small businesses accounted for just under half of all the Trojan's attacks. Another quarter of reported breaches saw teleco networks as the target. Airline and energy systems were compromised too.
The Russian Federation was the most compromised nation, with over a quarter of all infections being found there. Saudi Arabia followed with 24 per cent of all cases. Mexico and Ireland reported just under a tenth of all cases each.
The firm said the malware was "highly stealthy" and was used in “systematic data collection or intelligence gathering campaigns”.
It added: “The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long term surveillance operations against targets.
China, the US and the UK were unaffected by the Trojan.