According to Bild, the Merkel associate had begun writing a speech on EU strategy at work and had copied the draft to a USB stick, which she then removed from the office to complete the speech at home on her personal laptop.
After returning to the office and copying the text back from the USB drive, the Regin malware was discovered by virus scanning software installed on her office computer.
Regin is capable of taking screenshots, as well as gathering, transferring and deleting data. Following the discovery of the malware, Germany’s Federal Office for Information Security scanned all of the Chancellery’s 200 high-security laptops. No similar malware was detected.
According to a November report by the Intercept, a website detailing NSA materials leaked by US whistleblower Edward Snowden, Regin has previously been used by the NSA in cyberattacks against the European Union.
The existence of this kind of cyberattack was first revealed by Snowden in 2013, though the specific malware used by the US intelligence agency was not specified. Regin has reportedly also been used by the GCHQ to infiltrate Belgium’s public telecommunication company Belgacom in 2013.
