World's most advanced hacking spyware uncovered: 'Extraordinary' Regin bug has been stealing state secrets for six years 



The world's most sophisticated cyber spying tool has been stealing information from government, businesses and individuals for six years.

The malware, called 'Regin', is probably run by a western intelligence agency and has mostly affected computers in Russia, Saudi Arabia and Ireland.

Once installed on a computer, it can steal passwords, capture screenshots, listen in on phone conversations and restore deleted files.

No one yet knows how Regin infected systems but it had been deployed against internet service providers and telecoms companies worldwide (right). The largest number of infections discovered - 28 per cent - was in Russia, and Saudi Arabia was second with 24 per cent (left)

'Extraordinary threat': The world's most sophisticated cyber spying tool has been stealing information from government, businesses and individuals for six years, it was announced today

Symantec, which found the malware, describes it as the most 'extraordinary' piece of hacking software it has seen, one that was probably 'months or years in the making'.

Symantec claims it is more advanced than Stuxnet, the malware discovered in 2010 that targeted the Iranian nuclear programme and has been widely attributed to US and Israeli government hackers.

'We are starting to get glimpses into the secret war that is occurring at a nation-level in intelligence,' Professor Tim Watson, director of the Cyber Security Centre at Warwick University told MailOnline.

He said individuals should not be concerned about their private details, as Regin was designed to steal secrets at a state level.


So far, Regin infections have been found between 2008 and 2011, after which the malware disappeared before a new version surfaced in 2013.

No one yet knows how Regin first infects systems, but it has been deployed against internet service providers and telecoms companies worldwide.

The largest share of infections discovered - 28 per cent - was in Russia, and Saudi Arabia was second with 24 per cent.

WHAT IS THE REGIN THREAT AND WHO HAS BEEN AFFECTED?

Regin has been active since 2008 and may have been created by a Western government.

It has been used to attack individuals and small businesses as well as private companies, government entities and research institutes.

Telecoms companies have also been infected, allowing hackers to gain access to phone calls.

It is highly sophisticated and may have taken months or even years to complete.

Computers can be infected with the software through means including fake internet sites and instant messenger programs.

It is unusually low-key, meaning that it can be used on a target for several years before being noticed.

A report released by Symantec says Ireland has been the site of 9 per cent of confirmed infections, and that Russia, Saudi Arabia and Mexico have also been heavily affected.

The report describes the purpose of Regin as 'intelligence gathering' and says: 'It is used for the collection of data and continuous monitoring of targeted organisations or individuals.'

Other countries where the malware was found included India, Afghanistan, Iran, Belgium, Austria and Pakistan. 

There were no reported infections in the United States.

Symantec said it believes the real targets of the infections at internet service providers and telecoms companies were those companies' customers, rather than the companies themselves.

Telecom companies were also infected, apparently to gain access to calls being routed through their infrastructure, the report noted.

Regin appeared to allow the attackers to capture screenshots, take control of the mouse's point-and-click functions, steal passwords, monitor traffic and recover deleted files.

Symantec said some targets may have been tricked into visiting spoofed versions of well-known websites to allow the malware to be installed, and in one case it originated from Yahoo Instant Messenger.

'Regin's developers put considerable effort into making it highly inconspicuous,' Symantec said.

'Its low key nature means it can potentially be used in espionage campaigns lasting several years.

'Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyse the payloads after it decrypted sample files.'

Professor Watson said that it was difficult to draw firm conclusions about either the origin or the purpose of Regin.

'The targets are what you expect from a western nation,' he told MailOnline. 'So it seems reasonable that it came from them.

'That said, there is a fine tradition of false flagging in intelligence, where you make something look like it came from somewhere else, by targeting countries that throw people off the scent.'

The researchers said many components of Regin are still probably undiscovered and that there could be new versions of this tool which have not yet been detected.

Cyber espionage: Regin has been active since 2008 and may have been created by a Western state. It has been used to attack individuals and businesses as well as private companies, governments and research institutes. Telecoms companies have also been infected, allowing hackers to gain access to phone calls

The news comes amid heightened concerns on cyber espionage.

Last month, separate teams of security researchers said the Russian and Chinese governments are likely behind widespread cyber espionage that has hit targets in the US and elsewhere.

One team of researchers led by the security firm Novetta Solutions said it identified a hacker group believed to act 'on behalf of a Chinese government intelligence apparatus.'

A separate report by the security firm FireEye said a long-running effort to hack into US defence contractors, Eastern European governments and European security organisations is 'likely sponsored by the Russian government.'

However, Professor Watson said he is not concerned about Regin.

'When we had the Cuban missile crisis in 1962, it was the intelligence that both sides were getting that stopped us from having a global nuclear war. 

'Intelligence sometimes defends us all.'
