The world’s most sophisticated intelligence-gathering spyware has been stealing information from internet service providers, airlines, energy companies, telecoms companies and research-and-development labs for six years.
This particular Trojan, called ‘Regin’, is probably run by GCHQ and the United States’ National Security Agency, and is described as similar to other malicious programs such as Flame, Duqu and Stuxnet, which are also thought to have been developed by a Western intelligence agency to aid its spying efforts. Symantec discovered the Stuxnet malware back in 2010; it was allegedly used by US and Israeli government hackers to attack Iran’s nuclear centrifuges.
According to Symantec, the primary targets of the Regin spyware are Saudi Arabia and Russia, with additional targets in 15 other countries, including Mexico, Iran, Afghanistan and India, as well as European countries such as Belgium and Ireland.
Kaspersky Lab, the Russian security company, reached the same conclusion as Symantec: Regin has been around since circa 2008, operates much like a back-door Trojan, and has been used against the customers of organizations rather than the organizations themselves, compromising Microsoft Exchange email servers and tapping mobile phone conversations on major ISPs, including Yahoo! Messenger. The malware infects Windows-based computers and is said to operate in five stages, giving the attackers a “powerful framework for systematic spying campaigns” and offering enough flexibility that attackers can customize the packages embedded within the malware.
Symantec said victims may have been tricked into visiting spoofed versions of popular websites, allowing the spyware to be installed. Once installed, it can retrieve passwords, capture screenshots of important documents, tap phone conversations, restore deleted files and control the mouse pointer.
Symantec, which discovered the Trojan, says that it would have taken months, if not years, to develop such an ‘extraordinary’ piece of hacking software, and that only a nation state would have the resources to commission such malware and aim it so precisely at other governments.
The researchers said that many components of Regin remain undiscovered and that there could be newer versions of this malware that have not yet been detected.