View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 24, 2014

Complex Regin malware indicates nation state backing

Advanced malware has been deployed in international spying campaigns since 2008.

By Ellie Burns

Regin, an advanced piece of malware, has been deployed in systematic spying campaigns against a range of international targets since at least 2008.

Symantec claim that the significant investment of time and resources in the development of Regin indicate that a nation state is reponsible.

Symantec, who today released a technical whitepaper detailing Regin, has stated that the development of Regin likely took months, if not years, to complete and its authors went to great lengths to cover their tracks.

Regin infections were found in a variety of organisations between 2008 and 2011. After being withdrawn, a new version of the malware resurfaced from 2013 onwards.

Targets include private companies, government entities and research institutes. Almost half of all infections targeted private individuals and small businesses.

Stephen Bonner, a partner in KPMG’s Cyber Security practice, commented: "Another day, another cyber espionage tool. The Regin malware seems to carry the fingerprints of a sophisticated cyber espionage operation, possibly by a nation state.

"Over time we are discovering more and more about the scale of these operations, as well as the growing variety of corporate information which seems to be targeted for espionage – in this case including hospitality and airline targets, as well as telecommunication backbones. Firms need to think carefully about the how they protect their most sensitive information – their crown jewels- as well as being vigilant in detecting and being ready to respond to sophisticated attacks."

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

A back door-type Trojan, Regin is customisable with an extensive range of capabilities depending on the target. The malware is a multi-staged threat, with each stage hidden and encrypted except for the first stage. The modular approach of the malware gives flexibility to the threat operators as they can load custom features tailored to individual targets when required.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.