Regin Cyberespionage

What is Regin and why is it important?

Der Spiegel reported in 2013 that NSA had conducted online surveillance on EU citizens and EU institutions. This came from documents obtained by Edward Snowden. Der Spiegel quoted a secret 2010 NSA document stating that it made cyberattacks against the EU diplomatic representations in Washington, D.C. and its representations to the United Nations.

Regin is a sophisticated malware that targets specific users of Microsoft Windows-based computers. GCHQ in the UK uses it in their spy agency. Kaspersky Lab says it first became aware of Regin in 2012, but it could go as far back as 2003.

Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium,Austria and Pakistan. Kaspersky Lab said the malware’s main victims are private individuals, small businesses and telecom companies and has been developed by “well-resourced teams of developers,” possibly a Western government.


From Network World

Security researchers from Symantec have identified 49 more modules of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies.

This brings the total number of modules known so far to 75, each of them responsible for implementing specific functionality and giving attackers a lot of flexibility in how they exploit individual targets.

Regin came to light in November last year, but it has been in use since at least 2008 and antivirus companies have known about it since 2013.

Full article Researchers find many more modules of Regin spying tool