Who is Behind the sophisticated, stealthy Regin malware?

An advanced piece of malware has been uncovered, which has been in use as far back as 2008 to spy on governments, companies and individuals, Symantec said in a report released Sunday.

Symantec Security Response has discovered a new malware called Regin which, they say, “…displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.”
This back-door trojan has been in use, according to the security company, since at least 2008, and has stayed under the radar since.

The level of quality and the amount of effort put into keeping it secret convinces Symantec that it is a primary cyberespionage tool of a nation state.

Regin is a multi-stage attack: every stage but the first is encrypted, and no single stage on its own reveals much about the overall attack. The picture only emerges when you have all five stages.

Attacks were committed between 2008 and 2011 (Regin 1.0), at which point the malware disappeared. It resurfaced in 2013 (Regin 2.0) with some significant differences: the new version is 64-bit, and may have lost a stage.

Symantec has not found a stage 3 for the 2.0 version, which may be explained by the fact that the 1.0 stage 3 is a device driver, and installing device drivers on 64-bit Windows surreptitiously is a difficult proposition even, it would seem, for the most sophisticated of attackers.

Symantec’s description of the threat in their threat database, where they call it Backdoor.Trojan.GR, indicates that it was detected and protection provided on December 12, 2013. Presumably they did not know what they had until much more recently, and retrospective analysis revealed the true nature of the threat and its use in prior years.

Even so, there is still

Read Full Article at ZDNET

Ehacking Staff