Regin, an advanced piece of malware, has been deployed in systematic spying campaigns against a range of international targets since at least 2008.
Symantec claim that the significant investment of time and resources in the development of Regin indicate that a nation state is reponsible.
Symantec, who today released a technical whitepaper detailing Regin, has stated that the development of Regin likely took months, if not years, to complete and its authors went to great lengths to cover their tracks.
Regin infections were found in a variety of organisations between 2008 and 2011. After being withdrawn, a new version of the malware resurfaced from 2013 onwards.
Targets include private companies, government entities and research institutes. Almost half of all infections targeted private individuals and small businesses.
Stephen Bonner, a partner in KPMG’s Cyber Security practice, commented: "Another day, another cyber espionage tool. The Regin malware seems to carry the fingerprints of a sophisticated cyber espionage operation, possibly by a nation state.
"Over time we are discovering more and more about the scale of these operations, as well as the growing variety of corporate information which seems to be targeted for espionage – in this case including hospitality and airline targets, as well as telecommunication backbones. Firms need to think carefully about the how they protect their most sensitive information – their crown jewels- as well as being vigilant in detecting and being ready to respond to sophisticated attacks."
A back door-type Trojan, Regin is customisable with an extensive range of capabilities depending on the target. The malware is a multi-staged threat, with each stage hidden and encrypted except for the first stage. The modular approach of the malware gives flexibility to the threat operators as they can load custom features tailored to individual targets when required.
