Symantec, which published a technical whitepaper on the malware Sunday, says it's likely "one of the main cyberespionage tools used by a nation state." (Photo: Grant Hutchinson/flickr/cc)
Nov 25, 2014
Security researchers have recently exposed a sophisticated new "military grade" malware program which is specifically targeting governments, academics and telecoms and, according to new reports, is suspected as being the handiwork of U.S. and British intelligence agencies.
According to security analysts with the Russian security firm Kaspersky Lab, which has been tracking the malware known as "Regin" for two years, the technology has two main objectives: intelligence gathering and facilitating other types of attacks.
Perhaps most notable, security researchers point out, is that none of the targets are based in either the U.S. or U.K. According to the Guardian, 28 percent of victims are based in Russia and 24 percent are based in Saudi Arabia. Ireland, with 9 percent of detected infections, has the third highest number of targets.
Since initial signs of the malicious software emerged in 2008, there have only been 100 or so victims uncovered globally. These include telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions, and individuals involved in advanced mathematical/cryptographical research.
Described as highly complex, the malware works by disguising itself as Microsoft software and then stealing data through such channels as "capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring the victim's web activity and retrieving deleted files," according to Guardian reporter Tom Fox-Brewster.
Mikko Hypponen, chief research officer at F-Secure, told Fox-Brewster that his firm does not believe Regin was made by Russia or China, "the usual suspects." According to Fox-Brewster, this leaves the U.S., U.K. or Israel as the "most likely candidates," an assumption that Symantec threat researcher Candid Wueest said was "probable."
On Monday, Intercept reporters Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher published the first of an investigative series on Regin. Specifically, they note, Regin is the suspected technology behind both a GCHQ surveillance attack on Belgium telecom operator Belacom as well as an infection of European Union computer systems carried out by the National Security Agency. Both attacks were revealed last year through documents leaked by NSA whistleblower Edward Snowden.
On Sunday, Symantec was the first to report on the technology, publishing a technical whitepaper which described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," the paper continues.
Why Your Ongoing Support Is Essential
Donald Trump’s attacks on democracy, justice, and a free press are escalating — putting everything we stand for at risk. We believe a better world is possible, but we can’t get there without your support. Common Dreams stands apart. We answer only to you — our readers, activists, and changemakers — not to billionaires or corporations. Our independence allows us to cover the vital stories that others won’t, spotlighting movements for peace, equality, and human rights. Right now, our work faces unprecedented challenges. Misinformation is spreading, journalists are under attack, and financial pressures are mounting. As a reader-supported, nonprofit newsroom, your support is crucial to keep this journalism alive. Whatever you can give — $10, $25, or $100 — helps us stay strong and responsive when the world needs us most. Together, we’ll continue to build the independent, courageous journalism our movement relies on. Thank you for being part of this community. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
Security researchers have recently exposed a sophisticated new "military grade" malware program which is specifically targeting governments, academics and telecoms and, according to new reports, is suspected as being the handiwork of U.S. and British intelligence agencies.
According to security analysts with the Russian security firm Kaspersky Lab, which has been tracking the malware known as "Regin" for two years, the technology has two main objectives: intelligence gathering and facilitating other types of attacks.
Perhaps most notable, security researchers point out, is that none of the targets are based in either the U.S. or U.K. According to the Guardian, 28 percent of victims are based in Russia and 24 percent are based in Saudi Arabia. Ireland, with 9 percent of detected infections, has the third highest number of targets.
Since initial signs of the malicious software emerged in 2008, there have only been 100 or so victims uncovered globally. These include telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions, and individuals involved in advanced mathematical/cryptographical research.
Described as highly complex, the malware works by disguising itself as Microsoft software and then stealing data through such channels as "capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring the victim's web activity and retrieving deleted files," according to Guardian reporter Tom Fox-Brewster.
Mikko Hypponen, chief research officer at F-Secure, told Fox-Brewster that his firm does not believe Regin was made by Russia or China, "the usual suspects." According to Fox-Brewster, this leaves the U.S., U.K. or Israel as the "most likely candidates," an assumption that Symantec threat researcher Candid Wueest said was "probable."
On Monday, Intercept reporters Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher published the first of an investigative series on Regin. Specifically, they note, Regin is the suspected technology behind both a GCHQ surveillance attack on Belgium telecom operator Belacom as well as an infection of European Union computer systems carried out by the National Security Agency. Both attacks were revealed last year through documents leaked by NSA whistleblower Edward Snowden.
On Sunday, Symantec was the first to report on the technology, publishing a technical whitepaper which described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," the paper continues.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
Security researchers have recently exposed a sophisticated new "military grade" malware program which is specifically targeting governments, academics and telecoms and, according to new reports, is suspected as being the handiwork of U.S. and British intelligence agencies.
According to security analysts with the Russian security firm Kaspersky Lab, which has been tracking the malware known as "Regin" for two years, the technology has two main objectives: intelligence gathering and facilitating other types of attacks.
Perhaps most notable, security researchers point out, is that none of the targets are based in either the U.S. or U.K. According to the Guardian, 28 percent of victims are based in Russia and 24 percent are based in Saudi Arabia. Ireland, with 9 percent of detected infections, has the third highest number of targets.
Since initial signs of the malicious software emerged in 2008, there have only been 100 or so victims uncovered globally. These include telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions, and individuals involved in advanced mathematical/cryptographical research.
Described as highly complex, the malware works by disguising itself as Microsoft software and then stealing data through such channels as "capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring the victim's web activity and retrieving deleted files," according to Guardian reporter Tom Fox-Brewster.
Mikko Hypponen, chief research officer at F-Secure, told Fox-Brewster that his firm does not believe Regin was made by Russia or China, "the usual suspects." According to Fox-Brewster, this leaves the U.S., U.K. or Israel as the "most likely candidates," an assumption that Symantec threat researcher Candid Wueest said was "probable."
On Monday, Intercept reporters Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher published the first of an investigative series on Regin. Specifically, they note, Regin is the suspected technology behind both a GCHQ surveillance attack on Belgium telecom operator Belacom as well as an infection of European Union computer systems carried out by the National Security Agency. Both attacks were revealed last year through documents leaked by NSA whistleblower Edward Snowden.
On Sunday, Symantec was the first to report on the technology, publishing a technical whitepaper which described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," the paper continues.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.