WASHINGTON (AFP) -A highly sophisticated cyberspying tool has been used since 2008 to steal information from governments, businesses and others, security researchers said Monday.
The security firm Symantec said the malware, known as Regin, was seen “in systematic spying campaigns against a range of international targets,” including governments infrastructure operators, businesses, researchers and private individuals.
Symantec said the malware shares some characteristics with the Stuxnet worm – a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran’s nuclear programme.
Because of its complexity, the Symantec researchers said in a blog post that the malware “would have required a significant investment of time and resources, indicating that a nation state is responsible.”
The researchers added that “it is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks.”
They described Regin as “a multi-staged threat,” with each stage hidden and encrypted.
Each individual stage provides little information on the package and “only by acquiring all five stages is it possible to analyse and understand the threat,” the researchers said.
“Regin’s developers put considerable effort into making it highly inconspicuous,” Symantec said.
“Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyse the payloads after it decrypted sample files.”