Sophisticated cyber-espionage malware uncovered by Symantec
Symantec has uncovered a sophisticated new piece of malware—reminiscent of Stuxnet and Duqu—which bears the hallmarks of a state-sponsored operation and operates with a degree of technical competence rarely seen. The malware, dubbed “Regin,” appears to have been in use since at least 2008 and is likely used as an espionage and surveillance tool by intelligence agencies; however, we do not have sufficient evidence to attribute it to any particular state or agency.
In contrast to “traditional” APTs, which often seek specific information such as intellectual property, Regin is used for the broad collection of data and continuous monitoring of its targets. Regin’s overarching purpose is to act as a spying tool framework for intelligence agencies to customise, depending on the organisation, system or data they’re targeting. Notably, the majority of Regin’s code is not visible on infected computers, and it goes to great lengths to hide the data it’s stealing.
Links to the whitepaper and blog follow:
Whitepaper: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Blog: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance