Master Agent Featured Articles

There’s a new piece of computer malware floating around cyberspace that appears to be targeting telecoms in particular.

Time magazine reports that according to security firm Symantec (News - Alert), the malware called “Regin” (pronounced ‘Re-Gen’; short for ‘regenerate’) “…is considered to be a mass surveillance and data collection tool (sometimes referred to as ‘spyware’). Its purpose and origin is still unclear, Symantec said, but researchers believe that the program is the work of a nation-state.”

Symantec further notes that Regin reportedly monitors its targets with an unusual level of sophistication, with telecoms and Internet companies making up the bulk of those that are initially infected.

“Regin then targets individuals of interest — in the hospitality, energy, research, and airline industries, among others — that are served by those ISPs,” Time says. “Regin’s operators continue to use infected companies as a springboard to gain access to more individuals. Once they gain access, they can remotely control a person’s keyboard, monitor Internet activity, and recover deleted files.”

Regin obviously has implications for any company so attacked, but especially for those with sensitive data. It’s been reported that more than half of observed attacks have targeted Russia and Saudi Arabia, with the rest scattered across Europe, Central America, Africa, and Asia. “The initial infection can come from a wide variety of sources, such as copies of popular websites or Web browsers and USB drives that have been plugged into contaminated systems,” Time said.

So far analysts have determined that the attack comes in five stages, which consist of two preparation stages, followed by two stages to build a framework for the attack, and then finally the attack itself, seizing control of a computer or moving on to the next victim in a chain.

“One of the problems we have with analyzing is we don’t have all the components,” said Liam O’Murchu, a security researcher at Symantec. “You only get the modules set on that [particular] victim. But we know there are far more modules than what we have here. We don’t have enough information to understand. On top of that, it’s coded in a very advanced way to leave a small footprint. Anything they leave behind is encrypted. Each part is dependent on having all the parts.”