Spying software reportedly snooped on companies, governments, individuals since 2008
An advanced malicious software application has been uncovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, antivirus software maker Symantec said in a report Sunday.
The Mountain View, Calif.-based maker of Norton anti-virus products said its research showed that a “nation state” is likely the developer of the malware called Regin, or Backdoor. Symantec did not identify any countries or victims.
Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets” and was withdrawn in 2011, then resurfaced from 2013 onward.
The malware uses several “stealth” features, “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”
Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves.
About 28 percent of targets were in telecoms, while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”