Symantec says a Stuxnet-like trojan has been spying for years


— 2:13 PM on November 24, 2014

Symantec says it has discovered powerful malware that's been spying on governments, corporations, researchers, and private individuals. Dubbed Regin, this "top-tier espionage tool" has reportedly been circulating since at least 2008. It hasn't been limited to high-profile targets, either. "Almost half of all infections targeted private individuals and small businesses," Symantec says. The gory details are available in a 21-page whitepaper (PDF) posted on the security company's website.

According to Symantec, Regin "provides its controllers with a powerful framework for mass surveillance." The program is modular, allowing attackers to tune the payload based on the target. Regin seems to have unfettered access to infected machines, and it was reportedly used to tap into calls flowing through telecommunications companies. As one might expect, the malware is extremely difficult to detect.

The software is far too sophisticated to be the work of independent hackers, Symantec says. Development "would have required a significant investment of time and resources, indicating that a nation state is responsible." It's unclear which country may have created Regin, but the majority of targets tabulated by Symantec were in Russia and Saudi Arabia. The U.S. didn't make the top ten.

Symantec "believes that many components of Regin remain undiscovered and additional functionality and versions may exist." Well that's just great. Thanks to TR reader David for the tip.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.