Regin: Symantec discovers highly sophisticated spyware rivaling Stuxnet

 

“An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.” – Symantec

The newest piece of super sophisticated spyware, rivaling Stuxnet, has been discovered lurking on computers in many sectors (Symantec’s pic 1) and in many places (Symantec pic 2).

 

This happened between 2008 and 2011, and the vector (how the computers became infected) is unclear. Telecoms were targeted, so telephone conversations were probably intercepted.

There are apparently dozens of Regin payloads as well, with highly specialized targets for information collection. It, like Stuxnet, uses modules.

“The threat’s standard capabilities include several Remote Access Trojan (RAT) features, such as capturing screenshots, taking control of the mouse’s point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.

More specific and advanced payload modules were also discovered, such as a Microsoft IIS web server traffic monitor and a traffic sniffer of the administration of mobile telephone base station controllers.” – ibid

How it’s structured:

It also maintained a very low profile…to stay around and suck up goodies for years.

So, there’s no tool yet to see if you’re compromised or not, and Symantec believes that there remain many undiscovered components…so this thing is just getting started.

More power to Norton for finding this.

Source:

http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

Reply #1 Top

NSA at it again? 

Reply #2 Top

This would require very sophisticated skills. We're probably talking nation-state level...although which is open to guess at this point.

More than likely, as time goes on, more will get discovered and leaked.  ;)

Reply #3 Top

NSA, China, CIA, India, FBI, Bilderberg Group, ... So many choices, so little time.

Reply #5 Top

Well, Heavenfall...no one said they were targeted with the same modules for the same reasons...nor by the same people.

Reply #6 Top

Quoting Heavenfall, reply 1

NSA at it again? 

NSA can use built-in backdoors in Windows and SSL, TLS and so on.