Malware, even the spying kind, isn’t uncommon, but it is quite rare to come across something as complex, modular, sophisticated, and long-lasting as the Backdoor.Regin that Symantec uncovered. This particular Trojan has managed to evade detection and forensic tools and in fact might still have some form out there. And it has been going around since circa 2008. This makes it a very dangerous tool in the hands of the very wrong people, and a bit of speculation suggests that it might indeed be the work of a nation state.
Regin is sophisticated, and therefore fearsome, on a number of levels. The first is that it is a highly modular and multi-staged Trojan. Being modular means that it can be customized and can have different features and capabilities, depending on the target or nature of the espionage. It is executed in multiple stages and each stage except the first one is hidden at great lengths in order to prevent discovery. A single stage is definitely not enough to give knowledge of Regin’s nature and purpose and it takes a completely infected system to derive that information.
Regin is also worrying because of how long it has been in the business. Symantec traces it back to 2008, with a brief hiatus in 2012. That means it has been infecting computers for almost 5 years now. And the targets are wide and varying, but almost half of the infections are notes to be private individuals, with attacks on telecoms used mainly as a springboard for getting access to individuals. And no country is safe either, with many across the world succumbing to Regin’s grasps. Given the modularity of malware, attack vectors have no fixed pattern and can range from web browsers to compromised software. And the effects of infection are as varied as well, from simply spying to stealing passwords, to remotely controlling the infected computer.
This malware is definitely no small matter and computer users, especially governments, should probably be a bit more cautious, especially considering the probable source of the malware. Although Regin’s creator’s covered their tracks well, given the complexity of the beast, Symantec theorizes that it took months, if not years, to develop the spyware and that only a nation state would have the resources to commission such a piece of software and precisely to target other governments. Who that particular nation state is, for now, remains a complete mystery.