Cyber threat researchers say they have discovered an advanced piece of computer spyware that has been used for years in espionage campaigns against government agencies, telecoms and other businesses in countries such as Russia and Saudi Arabia.
The malware, which the security firm Symantec dubbed Regin, has been used since at least 2008, the firm said in a new report.
Symantec researchers said they had no evidence tying the malware to a particular state, but said that it was “reminiscent of Stuxnet and Duqu” – two pieces of malware that were reportedly developed by the United States and Israel.
The software “provides its controllers with a powerful framework for mass surveillance,” said the report issued Sunday. Its sophistication and the resources required to develop it suggest it was created by a nation-state, the report said.
Infections were also found in Afghanistan, Pakistan, Iran, Mexico, India, Ireland and Belgium, the report said. No infections were found in the United States, Israel or Britain, which are three countries with highly developed cyber espionage capabilities.
One notable aspect of Regin is its ability to take control of a cellphone tower and listen in or reroute calls—even obtain cellphone location data, said Liam O’Murchu, a Symantec researcher. “We see telecoms targeted a lot by this” aspect of the malware, he said. Once the malware has taken hold, the hacker “has total control. They can do whatever they want,” he said.
The researchers say they have never seen malware with this capability before.
“The ability to penetrate and monitor [cellphone] networks is perhaps the most unusual and interesting aspect” of the malware, said Costin Raiu, director of global research at Kaspersky Lab, which also detected Regin and reported on its findings in a blog post on Monday. He highlighted the risk of other hackers taking advantage of the capability to “launch different attacks against mobile users.”
Regin also allows the operator to run multiple operations off one platform, and to tailor the operation to the target, O’Murchu said. Capabilities include sniffing, tracking and stealing passwords and system administrator credentials. It “goes to extraordinary lengths” to conceal itself, the report said.