Stealthy Regin stealing sensitive information

MailShark Spy logo

Stealthy Regin stealing sensitive information

Regin is the latest malware to be associated with cyber espionage campaigns. It is at this stage somewhat mysterious, though its capabilities suggest that it originates from a nation state. Targets appear to be telecommunication companies, governments, research organizations and individuals involved in crypto research.

According to a post by Kaspersky Lab, Regin was first identified in 2003. The current known version attempts to infect a network on as many levels as possible. The method appears to be to compromise an administrative account, which can then be used to spread Regin to other machines in the network.

At this stage, the exact attack vector for compromise is unknown. Some theories exist, such as man in the middle attacks utilising browser zero day exploits, but there is no tangible evidence to support the theories to date.

The primary purpose of the attacks is to extract and steal sensitive information, such as emails and documents. Regin utilizes command and control servers, but it has a very sophisticated way of communicating with the servers. Because Regin looks to infect many machines on a network, it can then use selected machines effectively as routers to communicate with a command and control server.

One of the more concerning infections of malware has occurred in a GSM cellular network. The information taken in this case was from several Base Station Controllers. A Base Station Controller looks after various aspects of a GSM cell including radio resource management, handovers between cells and network admission control. In this case, it appears that Regin monitored and logged commands from several base station controllers in 2008.

Various countries are listed in the report according to reported infections. The ccountries affected include two fairly small Pacific Island nations, namely Fiji and Kiribati. Whilst the report expresses some surprise, it does illustrate that no particular country should ever be considered “immune” from malware infection, no matter how isolated or small they may seem.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

Post Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.