MOSCOW, November 24 (Sputnik) – Regin, a highly complex piece of advanced malware, was used to spy on governments, businesses, researchers and individuals since 2008, with Russia suffering the majority of infections, Symantec, a US technology giant, said in a post on its official blog.
Symantec, a cybersecurity firm that develops antivirus software, has defined the software, also referred to as Backdoor.Regin, as a backdoor Trojan, “customized with a wide range of different capabilities, which can be deployed depending on the target. It is a multi-staged, modular threat, meaning that it has a number of components, each depending on each other to perform attack operations.”
The malware was used from 2008 until 2011, and reintroduced in 2013. It mainly targeted internet providers and telecom companies. It has been discovered in at least 10 countries, with Russia suffering from 28 percent of infections. The bug has also been very active in Saudi Arabia, accounting for 24 percent of all infections. Other nations mentioned by Symantec include Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.
It takes months and considerable technical expertise to develop a malware like Regin. The structure of the bug “displays a degree of technical competence rarely seen,” Symantec stated concluding that it was likely developed by a nation state. The company has not specified what country it believes to be responsible.
Regin “can potentially be used in espionage campaigns lasting several years,” Symantec warned, adding that “even when its presence is detected, it is very difficult to ascertain what it is doing.” Moreover, the company believes that Regin is “one of the main cyberespionage tools used by a nation state”.
Symantec warned that it only discovered a limited number of components, saying that other versions of the program with additional functionality exist.
Regin resembles the notorious Stuxnet worm, believed to have been developed by the United States to target the Iranian nuclear program.