Security firm Symantec has uncovered what it has termed a “lethal stealthy surveillance espionage tool” named Regin. According to the company’s blog post, the tool has been used extensively to spy on various international targets, 5% of which are in India.
The seriousness of this new tool can be gauged from the following statement by Symantec:
Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.
Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.
According to a released infographic, over 28% of these attacks were aimed at Russia, followed by Saudi Arabia, Mexico, Ireland and India. Such a high level of intrusion, especially in India, can be understood from the fact that 48% of Regin’s attacks were on individuals or small businesses. India is currently booming with a large number of SMEs, hence the attacks.
According to Symantec, it is likely that Regin’s development took months, if not years, to complete, and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.
Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.
Symantec detects this backdoor, and in all new updates of its security products the malware is listed as Backdoor.Regin.