On November 24th, 2014, Symantec Security Response announced that it had discovered a new piece of malware called Regin. They stated that it "...displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals." Regin is a back-door trojan with a multi-stage attack that is believed to have been in use since at least 2008 but has stayed under the radar due to its sophistication. Symantec is convinced that the level of quality and the amount of effort put into keeping it secret mean it is probably a primary cyberespionage tool of a nation state. It has been used against governments, internet providers, telecom companies, researchers, businesses, and private individuals, says Symantec.
First Look Media's online publication The Intercept claims that, according to its own technical analysis and security industry sources, Regin is the suspected technology behind sophisticated cyberattacks conducted by US and UK intelligence agencies against the EU and a Belgian telecommunications company, Belgacom. Regin was found on infected computers and communications equipment at Belgacom after it was reportedly the target of a top-secret surveillance operation carried out by the British spy agency Government Communications Headquarters. The hacking operations against Belgacom and the EU were revealed last year through documents leaked by NSA whistleblower Edward Snowden, but the specific tool used in the operations wasn't disclosed.
Regin could be just one of many new, more advanced cyberespionage tools being developed by nations for use in surveillance and cyberwarfare. What is potentially disturbing about the use of Regin is that, if it is a tool used by the US and UK, it has been used not only against non-allied nations but against allied nations as well. In fact, if the UK used it, then it used it against its own fellow EU states.