The advanced Regin malware that was detected infecting computer networks across the globe (including Malaysia) has been exposed as belonging to the American National Security Agency. This came as a result of more documents released by German newspaper der Spiegel, which received them from whistleblower Edward Snowden.
While the documents did not specifically mention Regin by name, they did reveal the source code for an advanced malware programme called QWERTY, which happens to have clear similarities with Regin. Researchers from Kaspersky and Symantec both reached the same conclusion independently after examining the code, and also noted that the targets are consistent with the Five Eyes spy network targets outlined in the Snowden documents.
Regin was a particular concern for security companies as it had the capability to map GSM networks, providing attackers with a full plan for how an entire telecommunications system for a country works. This was exposed after the malware was discovered as part of an attack on Belgacom, the largest telecommunications company in Belgium.
It has also been linked with attacks on the European Commission and on the International Atomic Energy Agency. The original report on Regin indicated that several Malaysian targets were affected, although no details were mentioned on who these might be.
Kaspersky expects more incidents of Regin to appear as companies now know what to look for. As a tool of the NSA it is difficult to say what the malware campaign is looking for, but at this rate it could lead to another international spying row.
[Source: der Spiegel]