According to a report by Symantec Corp, a malicious software application that dates back to 2008 has been discovered. The software is used to spy on private companies, governments, research institutes and individuals in 10 countries. Norton, the anti-virus products company, conducted research which indicates that a “nation state” was likely the developer of the malware, called Regin, or Backdoor. However, Symantec did not identify any countries or victims.
Symantec stated that Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets.” The malware was withdrawn in 2011 but resurfaced from 2013 onward. According to Symantec, the malware uses several “stealth” features, and even when its presence is detected, it is very difficult to ascertain what it is doing.
The Symantec report suggests that half of all infections occurred at addresses of internet service providers. It was observed that 28% of targets were in telecoms, while other victims were in the energy, airline, hospitality and research sectors. The malware functions in five stages, all of which are hidden and encrypted with the exception of the first. Each stage provides only some information about the complete package, so all five stages are required in order to understand the threat completely.
According to the Reuters report, Symantec stated that Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware; the other countries were Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.