Symantec discovers sophisticated malware likely made by a Western intelligence agency
Researchers at Symantec have discovered malware that has been used to spy on individuals, telecoms, and businesses since 2008. It's thought to be the prime surveillance tool of a nation-state because of the sheer amount of time it would've taken to create such complex malware.
The malware is said to have been found in ten countries across the Middle East, North America, Russia, and Europe. The main targets are said to be Russia and Saudi Arabia, but the malware has also been discovered in Pakistan, Afghanistan, Ireland, and Mexico, among other countries.
Symantec reports that the malware, which is dubbed Regin, can spread through spoofed sites, insecure applications, and an unconfirmed exploit in Yahoo Messenger. The researchers report that whoever created Regin "put considerable effort into making it highly inconspicuous," with the hope of allowing it to "potentially be used in espionage campaigns lasting several years."
According to the Wall Street Journal, Symantec researchers believe Regin was developed by a "Western intelligence agency" because it closely resembles Stuxnet, the infamous malware made by the United States and Israel and used to sabotage Iran's nuclear programs in 2010. (Another security expert told the Journal that using Stuxnet as a comparison is misguided, however.)
It would make sense for Regin to have been created by a Western intelligence agency. Reports of widespread surveillance programs targeting digital traffic and phone data -- both of which can be gathered through this malware -- have become increasingly frequent over the last year or so. Most of those programs involve the National Security Agency or its British equivalent, GCHQ.
Besides, when it comes to identifying malware developed in the West, Symantec has a pretty good track record. This team is the same one that discovered Stuxnet back in 2010. Between that, the NSA's demonstrated interest in gathering information from ISPs and phone providers, and the malware's focus on the Middle East, Russia, and Mexico, thinking it might have been made in the United States doesn't seem too far-fetched.
[illustration by Brad Jonas]