But this isn't just another entry in the continually growing list of viruses. Symantec says this malware "displays a degree of technical competence rarely seen." The researchers refer to Regin as being similar to the Stuxnet computer worm, also discovered by Symantec in 2010, that was allegedly used to attack Iran's nuclear centrifuges. The only conclusion is that this tool was developed by a nation with some considerable technological means, as Symantec describes:
It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.
Regin has been out in the digital wild since at least 2008, operates much like a back-door Trojan, and has been used against governments, internet providers, telecom companies, researchers, businesses, and private individuals, says Symantec. Regin affects Windows-based computers and operates in five stages, giving the attacker a "powerful framework for mass surveillance" and offering flexibility so attackers can customize the packages embedded within the malware.
However, no reported instances of Regin have been found in the U.S. The geographic breakdown Symantec provided shows Saudi Arabia and Russia as primary targets of Regin spyware, accounting for more than half of all recorded cases. Other countries include Mexico, Iran, Afghanistan, and India, as well as European countries like Belgium and Ireland. It's speculated that most infections came from computers visiting "spoofed versions of well-known websites," says Symantec, though one case confirms Yahoo! Messenger was also involved.
In an interview with Re/code, Symantec researcher Liam O'Murchu said that they know it was created by a technologically advanced country. Of course, the short list points to two obvious possibilities, the U.S. or China, but it's impossible to say for sure as there's much left to learn.
Is it surprising that massive spyware systems exist on the web that we use every day? Unfortunately, not really, but when you actually see all the details laid out in front of you, it can be pretty frightening. [Symantec via Re/code]
Update: Russian computer firm Kaspersky Labs provided more information on the Regin malware, saying they've been tracking it for two years. The firm adds more targeted countries to the list (Syria, Malaysia, Indonesia, Kiribati, and Fiji) as well as new specific targets like financial institutions and individuals "doing advanced research into mathematics and cryptology," according to Re/code.