Bangalore, November 25 2014: Symantec has uncovered a new piece of malware—reminiscent of Stuxnet and Duqu—which bears the hallmarks of a state-sponsored operation and is believed to have been in use since at least 2008.\
Dubbed “Regin", this backdoor-type Trojan is being used as an espionage and surveillance tool, operating with a level of sophistication rarely seen. Notably, most of its code is not visible on infected computers, and it goes to great lengths to hide the data it’s stealing.
An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.
The infections are also geographically diverse, having been identified in mainly ten different countries; including India which accounts of 5% of the confirmed Regin Infections. Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.
To know more about Regin: see the Symantec whitepaper.