Regin malware used in attacks since 2008, Symantec research finds
Newly-discovered complex malware could be state-sponsored, researchers claim


Symantec fears the Regin malware it has uncovered could have been created by a foreign government for the purpose of carrying out state-sponsored attacks against infrastructure providers and large enterprises.
The Regin malware has been picked up attacking firms across the globe and is described as one of the most sophisticated examples of malicious software ever seen.
At present, the majority of attacks are said to have taken place in Russia, Saudi Arabia and Mexico against telecommunications, energy and health companies, with Symantec describing the malware in a blog post as a backdoor-type Trojan with "a degree of technical competence rarely seen".
It added that Regin has been used against a range of international targets since 2008, and can be used to spy on governments, infrastructure providers, businesses, research teams and individuals.
"It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber-espionage tools used by a nation state," the firm said.
Symantec did not name the likely geographical source of the attacks, but the victim nations suggest the source could be a Western country with sufficient development resources.
Russian and Saudi firms accounted for around half of the total attacks, at 28 per cent and 24 per cent respectively, while Mexico and Ireland accounted for nine per cent each.
"Its design makes it highly suited for persistent, long term surveillance operations against targets," the researchers said.
Early versions of the malware were abruptly withdrawn in 2011, before it reappeared in a new form in 2013. A withdrawal of that kind suggests the operators believed the software had been detected or was under analysis, reducing its effectiveness.
Symantec said "many components of Regin remain undiscovered and additional functionality and versions may exist." The firm said its investigation will continue and that it will provide updates as further discoveries about the malware are made.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.