Malware used for 'state' espionage uncovered

Antivirus firm Symantec exposes highly sophisticated software used for years to spy on governments and private companies.

    Symantec said Russia and Saudi Arabia accounted for about half of infections of Regin software

    Antivirus software maker Symantec Corp says it has uncovered an advanced malicious software application that since 2008 has been used to spy on private companies, governments, research institutes and individuals in at least 10 countries.

    The California-based maker of Norton antivirus products said in a report on Sunday that its research showed that a "nation state" was likely to be the developer of the malware called Regin, or Backdoor.Regin, but Symantec did not identify any countries or victims.

    Symantec said Regin's design "makes it highly suited for persistent, long-term surveillance operations against targets," and that the malware was withdrawn in 2011 but resurfaced from 2013 onward.

    The malware uses several "stealth" features "and even when its presence is detected, it is very difficult to ascertain what it is doing," according to Symantec. It said "many components of Regin remain undiscovered and additional functionality and versions may exist".

    'State-backed hackers'

    The US government and private cyber intelligence firms have said that they suspect state-backed hackers in China or Russia may be responsible.

    Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.

    Almost half of all infections occurred at addresses of internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves.

    About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.

    The antivirus company described the malware as having five stages, each "hidden and encrypted, with the exception of the first stage." It said "each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyse and understand the threat."

    Cyber security is a sensitive topic for businesses in the US, where there have been several breaches of major companies and customer information.

    Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), Symantec said.

    Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.

    SOURCE: Agencies

