Symantec - “Regin” Extremely Sophisticated Cyber Espionage Tool

Security firm Symantec has revealed the details of an extremely sophisticated cyber espionage tool known as "Regin" and says that it has been used in "systematic spying campaigns" against many international targets since 2008.

Regin is a backdoor-type Trojan that can be customized with a wide range of capabilities depending on the target, and it gives its controllers a powerful framework for mass surveillance. Its development apparently took a long time, and its authors went to great lengths to conceal its tracks.

Almost 50% of the Regin infections identified involve attacks on small businesses and private individuals in the telecommunications sector, seemingly aimed at gaining access to calls routed through that infrastructure.

The malware is a multi-stage threat, with every stage hidden and encrypted except the first, which, when executed, starts a domino chain of decryption that loads the following stages. Symantec said that there are five stages in all, each providing limited information about the complete package, so the threat can only be analyzed and understood by acquiring all five stages.

Regin uses a modular approach that gives its operators flexibility, because they can load custom features tailored to individual targets whenever required.

There are dozens of Regin payloads, according to Symantec. The standard capabilities of the threat include many Remote Access Trojan (RAT) features, such as capturing screenshots, taking control of the mouse's point-and-click functions, monitoring network traffic, stealing passwords and recovering deleted files.

Securityweek.com published a report quoting Liam O'Murchu, a security researcher and malware analysis expert at Symantec, as saying: "It took us long time to try and get the pieces of the puzzle together."

Symantec has not published any information about the identity of whoever is behind the malware, so for now there is only speculation. Symantec lately disclosed the release of a version 3.0 that addresses the flaws and the discovery mechanisms Symantec used to identify the first two versions, which could indicate that a new and more complicated program had to be built to achieve the final results.

» SPAMfighter News - 12/8/2014
