10 Countries, Six Years: Pernicious Malware Detected And Little Understood

As of Sunday, The Guardian is reporting that an intricate and malicious malware application has been spying on governments, private companies, research institutes and private citizens in at least 10 different countries for the past six years, maybe more, and that’s just the little that is known. There’s a lot still to be learned.

The discovery and announcement of the dubious malware application come from a report released Sunday by Symantec Corp., a California-based security software company best known, perhaps, for its Norton antivirus line.

According to Symantec’s research, a “nation state” is most likely the origin of the malware, known as “Regin.”

Hmmm... do we know any nation states?

Symantec states that Regin is “highly suited for persistent, long-term surveillance operations against targets.” The Guardian reports that, as far as Symantec is aware, the program “was apparently withdrawn in 2011, but resurfaced in 2013.”

What makes the program so pernicious is its ninja-like stealth. According to Symantec:

Even when its presence is detected, it is very difficult to ascertain what it is doing. Many components of Regin remain undiscovered, and additional functionality and versions may exist.

Nearly half of the Regin infections were found at the IP addresses of ISPs, where the targets were the ISPs’ customers rather than the companies themselves, according to Symantec’s report. Of those victims, The Guardian writes:

28% of targets were in telecoms, while other victims were in the energy, airline, hospitality and research sectors.

Symantec explains that the ugly application is built in five stages; every stage after the first is encrypted and hidden from the others.

Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyse [sic] and understand the threat.

Regin works in a “modular” manner, which grants it the ability to customize itself to specific targets in the loading process. In that regard, it is similar to malware like Weevil and Flamer. The Guardian also states that certain features of Regin are also akin to Duqu, discovered in the fall of 2011, which was tied to the worm Stuxnet, known since 2010.

As we all know, security in the digital age is a pressing, extremely serious issue, especially in the U.S., where several breaches in privacy have occurred (and continue to occur). Funny enough, too, it is the home-of-the-infamous-NSA U.S. government and “private cyber-intelligence firms” that point their fingers at China and Russia for possible responsibility regarding Regin.

Anyone remember what your mother used to tell you about pointing at others?

And get this: the victims, according to Symantec, primarily reside in the following countries: Russia, Saudi Arabia, Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan, with Russia and Saudi Arabia alone making up nearly half of the documented victims. Know any “nation states” that might have a vested interest in monitoring those countries?

And again, this is just what’s known, and there is a lot to yet be discovered about Regin. One wonders what might be discovered regarding the malware if the information being shared did not come from a certain nation state under the rocket’s red glare.

Hey, there is a reason typewriters are coming back into style. If you’re online, you’re as visible as panties on a clothesline. Never forget that your unmentionables may be being ogled by the nation states next door.

H/T: theguardian.com / (Featured image courtesy of pixabay.com)
