Who Is Behind The Stuxnet Lookalike, Regin Malware? Evidence Suggests British And American Spies

Advanced malicious software named Regin, whose high degree of technical competence and careful concealment of its origin make it reminiscent of the software weapons Stuxnet and Duqu, has sent a wave of alarm across the world.

The cyber spying operation, backed by an anonymous creator, presumably a sovereign government, is billed as the world's most sophisticated malware, with infections spread across different parts of the world without any obvious pattern.

Symantec Security Response, which discovered the Regin malware, said the latest cyber threat has been in use for at least six years to spy on government organisations, internet providers, telecom companies, researchers, businesses, and private individuals.

Given the intense design, Symantec said Regin is probably "one of the main cyberespionage tools used by a nation state."

The Origin Of Regin?

Regin is built in multiple stages, with each stage after the first hidden and encrypted. It also uses a modular structure that conceals the deeper layers of the malware and makes it extremely difficult to determine what it is doing or what its operators are after.

Regin's comparison to Stuxnet, the worm supposedly developed by the U.S. and Israel to target Iran's nuclear program, places it among the most serious threats seen on the internet. Unlike Stuxnet's destructive purpose, Regin is designed to collect information. But as we all know, information can lead to severe damage.

Countries Under Regin's Attack

Regin's spread has mainly affected Saudi Arabia and Russia. Other countries under Regin's attack include Mexico, Iran, Afghanistan, India and the European countries Belgium and Ireland. Symantec gave a break-down of Regin's impact on individual countries.

According to Symantec's report, Russia and Saudi Arabia bore the brunt of Regin's attacks, accounting for 28 percent and 24 percent of the infections, respectively. Mexico and Ireland followed with 9 percent of the infections each. Additionally, India, Afghanistan, Iran, Belgium, Austria and Pakistan were among the countries where Symantec said it found the malware.

Symantec hasn't mentioned any instances of Regin to be found in the U.S. or China.

Am I At Risk?

Most attacks, nearly half, are targeted at private individuals and small businesses, while attacks on telecom companies account for 28 percent. Regin has also targeted other sectors such as hospitality, energy, airlines and research.

Regin can load a range of custom payloads that grant privileged access to the victim's machine, such as remote access to take screenshots, tools to record information on financial transactions and the ability to recover deleted files.

Who Is Behind Regin?

This is a question that remains unanswered, as Symantec's security researchers said the authors of Regin went to extreme lengths to "cover its tracks."

"The best clues we have are where the infections have occurred and where they have not," Liam O'Murchu, one of the researchers at Symantec, said in an interview with Re/code. "We know it was a government that is technically advanced. ... This has been a huge spying campaign dating back at least to 2008 and maybe even as early as 2006."

Symantec noted that Regin boasts several stealth features that helped keep it hidden for several years. Even once it is detected, its encryption and layered design continue to shield the identity of its creator.

With such technically advanced capabilities, Re/Code suggests the attackers behind Regin could be the U.S. or China.