Regin: An Elusive, Data Harvesting Malware Program

Over the past few years, data breaches and data harvesting malware programs have become more and more common. This isn’t to say that they didn’t exist before, but the volume of data taken and the number of systems infected are rising. The latest malware program, by the name of Regin, has been discovered and documented in detail by Symantec, a cyber security company. This malware program is very advanced. Symantec says,

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.

The malware program functions in five stages, each with its own layer of loading and decryption. Each stage depends on the others, so in order to actually analyze the program you have to capture all five individual stages. This is harder than it sounds: each stage contains very little information about the next or previous stage, and each one is extremely elusive. Symantec likens the structure of Regin to malware families like Flamer and Weevil.

Symantec released a really nice graphic that outlines the most targeted sectors. Private and small businesses are in the majority by far, then telecommunication companies.

Percentage of Regin infections by country. (Courtesy Symantec).

The malware program hijacks calls from telecom companies and directs them through Regin’s infrastructure; needless to say, this will be incredibly hard to trace. Symantec says that Regin arrived on the scene in 2008 and disappeared in 2011, was updated, then showed up again in 2013. The countries affected do not have geography in common: Russia, Mexico, India, and Ireland are among them, along with a few Middle Eastern and European countries, which gives no clues as to where the program originates. Symantec concludes:

The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible.

Personally, I think that the investment of time and resources does not only point towards a nation state, but also a cooperation. Regin is worrying, not necessarily because you are going to be affected, but because the technology exists and has the potential to affect you.

How are you feeling about the latest security breaches? Who do you think is behind them? Let us know what you think in the comments below or on social media.

Source: CNET
Source: Symantec
