Regin: the brainchild of a state with extensive cyberespionage powers

24 Nov 2014

The Regin spy bug uncovered by software company Symantec was effectively the spillover of a sophisticated cyber-warfare skirmish between nation states, cyber experts agree.

Earlier today Symantec revealed the existence of Regin, a spy bug that has the ability to capture screenshots, record passwords and recover deleted files.

Symantec security strategist Sian John suggested the bug was the creation of a western government.

The majority of the attacks centre on Russia (28pc) and Saudi Arabia (24pc); Ireland, however, had the distinction of attracting 9pc of attacks.

“It was designed to target specific organisations and individuals mostly based in governments, telecoms, energy, and research areas,” explained Brian Honan, a security expert who works with Europol.

“It appears that individuals were targeted too. As such, this is not a mass widespread virus that should concern most people; however, if you are involved in any of the targeted industries you should look at the report from Symantec to determine if your network and/or systems have been infected.

“It appears to have been designed to gather intelligence on the targeted organisations, with the payload of the virus including gathering user credentials and network traffic, and copying files from the infected computers.”

Honan said that while it is difficult to pinpoint with accuracy what nation state was behind the inception of the attack, the reality is that it required considerable resources.

“While analysing how a virus has been constructed can give clues to the level of sophistication behind its development, it is very difficult to attribute who is behind a particular virus.

“In the case of Regin it is being compared in sophistication to other viruses such as Stuxnet, Duqu, and Flame. All these viruses are believed to have been developed at a nation state level, and it is believed that Regin has also been developed by a government with extensive cyberespionage capabilities.”

Advanced cyberwarfare

Confirmed Regin infections by country (Symantec)

Dermot Williams, managing director of Threatscape, said that what we are seeing is a case of advanced cyberwarfare between nations that has come to public attention.

“This is a very sophisticated piece of malicious software which has been used in a number of highly targeted attacks at specific organisations of interest to the perpetrators.

“The identity of the nation behind the attack has not been disclosed, nor has the identity of the one (commercial) organisation in Ireland that had around 10 PCs infected.

“Russia and Saudi Arabia between them account for around half the global infections.

“The intelligence organisations of every major state have developed both defensive and offensive cyber capabilities. Did the Americans put aerials on their embassy in Berlin to snoop on Angela Merkel’s cell phone? Yes. Did, or does, GCHQ monitor hotel bookings from five-star hotels to know when to send their spooks to snoop on internet access by visiting diplomats? Yes. Did the NSA tap the cable connecting the EU diplomatic missions in New York and Washington DC? Yes.”


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
