Symantec, which published a technical whitepaper on the malware Sunday, says it's likely "one of the main cyberespionage tools used by a nation state." (Photo: Grant Hutchinson/flickr/cc)
Nov 25, 2014
Security researchers have recently exposed a sophisticated new "military grade" malware program which is specifically targeting governments, academics and telecoms and, according to new reports, is suspected as being the handiwork of U.S. and British intelligence agencies.
According to security analysts with the Russian security firm Kaspersky Lab, which has been tracking the malware known as "Regin" for two years, the technology has two main objectives: intelligence gathering and facilitating other types of attacks.
Perhaps most notable, security researchers point out, is that none of the targets are based in either the U.S. or U.K. According to the Guardian, 28 percent of victims are based in Russia and 24 percent are based in Saudi Arabia. Ireland, with 9 percent of detected infections, has the third highest number of targets.
Since initial signs of the malicious software emerged in 2008, there have only been 100 or so victims uncovered globally. These include telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions, and individuals involved in advanced mathematical/cryptographical research.
Described as highly complex, the malware works by disguising itself as Microsoft software and then stealing data through such channels as "capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring the victim's web activity and retrieving deleted files," according to Guardian reporter Tom Fox-Brewster.
Mikko Hypponen, chief research officer at F-Secure, told Fox-Brewster that his firm does not believe Regin was made by Russia or China, "the usual suspects." According to Fox-Brewster, this leaves the U.S., U.K. or Israel as the "most likely candidates," an assumption that Symantec threat researcher Candid Wueest said was "probable."
On Monday, Intercept reporters Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher published the first of an investigative series on Regin. Specifically, they note, Regin is the suspected technology behind both a GCHQ surveillance attack on Belgium telecom operator Belacom as well as an infection of European Union computer systems carried out by the National Security Agency. Both attacks were revealed last year through documents leaked by NSA whistleblower Edward Snowden.
On Sunday, Symantec was the first to report on the technology, publishing a technical whitepaper which described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," the paper continues.
Join Us: Everything is on the Line
The future of all that we cherish is on the line and we have to fight like hell to protect democracy, human decency, and a liveable planet. The last line of defense is people who understand what’s at stake—activists, writers, thinkers, doers, and everyday people who see what is happening, know in their hearts that a better world is possible, and are willing to fight for it. You are one of the good people Common Dreams was built for. We provide independent news, progressive opinion, and crucial analysis on the day’s most important issues. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. But to keep publishing and remain strong in these dangerous times, we need your support. So we’re asking you today: Will you donate to our Fall Campaign and keep the progressive, nonprofit journalism of Common Dreams alive? |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
Security researchers have recently exposed a sophisticated new "military grade" malware program which is specifically targeting governments, academics and telecoms and, according to new reports, is suspected as being the handiwork of U.S. and British intelligence agencies.
According to security analysts with the Russian security firm Kaspersky Lab, which has been tracking the malware known as "Regin" for two years, the technology has two main objectives: intelligence gathering and facilitating other types of attacks.
Perhaps most notable, security researchers point out, is that none of the targets are based in either the U.S. or U.K. According to the Guardian, 28 percent of victims are based in Russia and 24 percent are based in Saudi Arabia. Ireland, with 9 percent of detected infections, has the third highest number of targets.
Since initial signs of the malicious software emerged in 2008, there have only been 100 or so victims uncovered globally. These include telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions, and individuals involved in advanced mathematical/cryptographical research.
Described as highly complex, the malware works by disguising itself as Microsoft software and then stealing data through such channels as "capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring the victim's web activity and retrieving deleted files," according to Guardian reporter Tom Fox-Brewster.
Mikko Hypponen, chief research officer at F-Secure, told Fox-Brewster that his firm does not believe Regin was made by Russia or China, "the usual suspects." According to Fox-Brewster, this leaves the U.S., U.K. or Israel as the "most likely candidates," an assumption that Symantec threat researcher Candid Wueest said was "probable."
On Monday, Intercept reporters Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher published the first of an investigative series on Regin. Specifically, they note, Regin is the suspected technology behind both a GCHQ surveillance attack on Belgium telecom operator Belacom as well as an infection of European Union computer systems carried out by the National Security Agency. Both attacks were revealed last year through documents leaked by NSA whistleblower Edward Snowden.
On Sunday, Symantec was the first to report on the technology, publishing a technical whitepaper which described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," the paper continues.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
Security researchers have recently exposed a sophisticated new "military grade" malware program which is specifically targeting governments, academics and telecoms and, according to new reports, is suspected as being the handiwork of U.S. and British intelligence agencies.
According to security analysts with the Russian security firm Kaspersky Lab, which has been tracking the malware known as "Regin" for two years, the technology has two main objectives: intelligence gathering and facilitating other types of attacks.
Perhaps most notable, security researchers point out, is that none of the targets are based in either the U.S. or U.K. According to the Guardian, 28 percent of victims are based in Russia and 24 percent are based in Saudi Arabia. Ireland, with 9 percent of detected infections, has the third highest number of targets.
Since initial signs of the malicious software emerged in 2008, there have only been 100 or so victims uncovered globally. These include telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions, and individuals involved in advanced mathematical/cryptographical research.
Described as highly complex, the malware works by disguising itself as Microsoft software and then stealing data through such channels as "capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring the victim's web activity and retrieving deleted files," according to Guardian reporter Tom Fox-Brewster.
Mikko Hypponen, chief research officer at F-Secure, told Fox-Brewster that his firm does not believe Regin was made by Russia or China, "the usual suspects." According to Fox-Brewster, this leaves the U.S., U.K. or Israel as the "most likely candidates," an assumption that Symantec threat researcher Candid Wueest said was "probable."
On Monday, Intercept reporters Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher published the first of an investigative series on Regin. Specifically, they note, Regin is the suspected technology behind both a GCHQ surveillance attack on Belgium telecom operator Belacom as well as an infection of European Union computer systems carried out by the National Security Agency. Both attacks were revealed last year through documents leaked by NSA whistleblower Edward Snowden.
On Sunday, Symantec was the first to report on the technology, publishing a technical whitepaper which described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," the paper continues.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.