Trojan is likely state sponsored, has attacked Russian, Saudi internet providers and telecoms since 2008
Security researchers have discovered one of the most advanced pieces of malware ever created — and it’s been in use since at least 2008. Symantec researchers published their findings today on a new Trojan they’re calling “Regin.”
The researchers say the tool is “a complex piece of malware whose structure displays a degree of technical competence rarely seen.” It’s been cleverly designed to spy on computer systems around the world while leaving hardly a trace behind. The software’s “authors have gone to great lengths to cover its tracks,” reports Symantec, by using multiple layers of complex encryption to mask spying activities. Even when Symantec’s researchers did discover the presence of malware on clients’ machines, they had to decrypt an entire sample package of files just to get some idea of what the tool was up to.
The espionage tool has been found primarily on systems in Russia and Saudi Arabia, though its presence has been detected in smaller numbers in Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria, and Pakistan. Over half of all confirmed cases were on machines in Russia and Saudi Arabia. – The Verge