Who is behind the sophisticated, stealthy Regin malware?

An advanced piece of malware has been uncovered, which has been in use as far back as 2008 to spy on governments, companies and individuals, Symantec said in a report released Sunday.


Symantec Security Response has discovered a new malware called Regin which, they say, "...displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals."
This back-door trojan has been in use, according to the security company, since at least 2008, and has stayed under the radar since.



The level of quality and the amount of effort put into keeping it secret convinces Symantec that it is a primary cyberespionage tool of a nation state.

Regin is a multi-stage attack: every stage after the first is encrypted, and no single stage on its own reveals much about the overall attack. The full picture only emerges once all five stages have been recovered.

Attacks were committed between 2008 and 2011 (Regin 1.0), at which point the malware disappeared. It resurfaced in 2013 (Regin 2.0) with some significant differences: the new version is 64-bit, and may have lost a stage.

Symantec has not found a stage 3 for the 2.0 version, which may be explained by the fact that the 1.0 stage 3 is a device driver, and installing device drivers on 64-bit Windows surreptitiously is a difficult proposition even, it would seem, for the most sophisticated of attackers.

Symantec's description of the threat in its threat database, where it is called Backdoor.Trojan.GR, indicates that it was detected and protection was provided on December 12, 2013. Presumably they did not know what they had until much more recently, and retrospective analysis revealed the true nature of the threat and its use in prior years.

Even so, there is still

Read Full Article at ZDNET