Malware more sophisticated than Stuxnet discovered

Published 25 November 2014

Security experts at Symantec have discovered the world’s most sophisticated computer malware, Regin. Thought to have been created by a Western intelligence agency, and in many respects more advanced than Stuxnet — which was developed by the U.S. and Israeli government in 2010 to hack the Iranian nuclear program — Regin has targeted Russian, Saudi Arabian, Mexican, Irish, and Iranian Internet service providers and telecoms companies. “Nothing else comes close to this … nothing else we look at compares,” said Orla Cox, director of security response at Symantec.

One Western security official told CNBC News that it is difficult to ascertain the origins or purpose of Regin. “It’s dangerous to assume that because the malware has apparently been used in a given country, it did not originate there,” the official said. “Certain states and agencies may well use tools of this sort domestically.”

Regin’s attacks begin with a Trojan horse that exploits a security vulnerability while avoiding detection. Soon after, customized frameworks are built within a system to take control of targeted functions. Regin has already hacked Microsoft e-mail exchange servers and mobile phones on major global networks.

“We are probably looking at some sort of western agency,” Cox said. “Sometimes there is virtually nothing left behind — no clues. Sometimes an infection can disappear completely almost as soon as you start looking at it, it’s gone. That shows you what you are dealing with.”

Regin infections occurred between 2008 and 2011, then a new version resurfaced in 2013.

Eugene Kaspersky, chief executive of Kaspersky Labs, the Russian company that helped uncover Stuxnet, recently told the Financial Times that criminals not sponsored by governments are now also hacking industrial control systems for financial gain. Criminal cyberattacks go beyond the credit card breaches at U.S. banks and retailers; they also include bypassing security at ports. Last year, Europol disrupted a drug ring that was hacking into the control systems of the Port of Antwerp to move containers hiding drugs away from customs inspectors.

Still, Liam O’Murchu, a security researcher at Symantec, insists that Regin is primarily used for espionage. “We see both companies and individuals targeted. The ultimate goal is to listen in on phone calls or something like that. [Regin’s operators] target individuals and spread the attack to find whatever it is they’re looking for. All of these things together make us think that a government wrote it,” she told Time Magazine.

On Monday, security industry sources told The Intercept that European Union computer systems and Belgacom, a Belgian telecommunications company, were victims of Regin attacks carried out by the National Security Agency and the British spy agency, Government Communications Headquarters (GCHQ). Ronald Prins, a security expert with Fox IT, hired to remove the malware from Belgacom’s networks, told The Intercept that he was “convinced Regin is used by British and American intelligence services.”