Sophisticated Regin computer virus ‘could be the work of a nation state’

A bug that spies on computer users may have been developed by a “nation state”, according to the internet security company that uncovered it. Symantec says the malware - called Regin - can take screenshots, control cursors and steal passwords. The highly sophisticated bug has been active since 2008, though it disappeared between 2011 and 2013. It is unusually low-key, making it “highly suited for persistent, long-term surveillance operations against targets”. It can go years without being noticed. Symantec said: “It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks.”

“Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.”

Symantec report

Regin has been used to attack individuals, businesses, government entities and research institutes. Sectors that have been targeted include airlines and energy. Telecoms firms have also been infected, allowing hackers to access phone calls. Computers can be infected with the software in different ways, commonly via fake internet sites and instant messenger programmes. Symantec claims Russia is the most affected country, accounting for 28 per cent of confirmed infections. Ireland, Saudi Arabia and Mexico have also been heavily affected, but it is not yet known how many UK computers have been infected, and no U.S. cases have been reported. Once Regin hits a computer it is capable of stealing passwords, taking screenshots and even recovering deleted files from the trash.

“Regin is intelligence gathering … it is used for the collection of data and continuous monitoring of targeted organisations or individuals.”

Symantec report