Highly sophisticated malware 'Regin' exposed

Symantec says the Trojan is one of the most advanced ever seen and was likely developed by a nation state for cyber-espionage

Symantec has published a whitepaper detailing one of the most sophisticated pieces of malware the security firm has ever seen.

The backdoor Trojan, called Regin, is so advanced that it was almost certainly created by a government, says Symantec. “Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen,” says the report, adding that it would have taken months if not years to develop.

“Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.”

Regin is a Remote Access Tool (RAT), giving the attacker the ability to take control of infrastructure; however the Trojan also has advanced features such as a Microsoft IIS web server traffic monitor and a traffic sniffer of mobile telephone base station controllers. Its greatest strength appears to be its ability to be modified. Its modular design enables Regin to be tailored to the needs of a specific use case.

The bug was spotted in the wild in a range of organisations between 2008 and 2011, but now a new version appears to be popping up. Private companies, government entities and research institutes have all been targeted; however, small businesses and individuals make up 48% of verified attacks.

Worryingly, 28% of attacks appear to be targeting telecoms infrastructure, potentially enabling attackers to gain access to cellular calls.

“The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering,” said the report. “Symantec believes that many components of Regin remain undiscovered and additional functionality and versions may exist.”

Read more on Remote Access Security