A highly sophisticated malware infection has been lurking on computers since at least 2008, experts at Symantec report. This malware, dubbed Regin, is considered one of the primary cyberespionage tools used by governments to gather intelligence “…against government organizations, infrastructure operators, businesses, academics, and private individuals” in Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria, and Pakistan (Regin: Top-tier espionage tool enables stealthy surveillance).
According to the report, Regin gives hackers remote access to take control of infected computers, “…capture credentials, monitor network traffic, and gather information on processes and memory utilization,” and also allows specific individuals to be targeted (US-CERT).
Although the malware infection was not found on any computers in the US or UK, any business with overseas operations, vendors, suppliers, etc. should have its systems administrators review the list of indicators of compromise and follow the suggested steps to remove the malware if detected. Additionally, make sure anti-virus software is up to date. Because the malware was likely installed by tricking a user into clicking links on a spoofed website, it is important to also keep all parties involved with the business informed about the different types of cyber threats and how to avoid them. Visit the Cyber Threats section of your portal to learn more or contact your Client Services representative.
Marlia Fontaine-Weisse is the Content Manager for Preparis.