Report: Regin Spyware Linked to U.S. and U.K. Intelligence Services

Over the weekend, Symantec published a report describing a sophisticated piece of spyware called Regin that had been snooping on servers for years. Now, new reports suggest that it's linked to U.S. and U.K. intelligence services.

The Intercept reports that security industry sources tell it that Regin is "behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company."


The spyware was found on the Belgian phone provider Belgacom's networks, but the company had been targeted in surveillance operations by the British spy agency Government Communications Headquarters. Elsewhere, the malware was found on the exact same European Union computer systems that had been targeted by the National Security Agency.

We already knew about the surveillance of Belgacom and the European Union computers thanks to documents leaked by Edward Snowden, but we didn't know what software had been used. Now, this report seems to suggest that the newly discovered malware was behind the incidents. As a refresher about how the malware works:

Regin has been out in the digital wild since at least 2008, operates much like a back-door Trojan, and has been used against governments, internet providers, telecom companies, researchers, businesses, and private individuals, says Symantec. Regin affects Windows-based computers and operates in five stages, giving the attacker a "powerful framework for mass surveillance" and offers flexibility so attackers can customize the packages embedded within the malware.


It's said to be "the most sophisticated malware" ever studied by Ronald Prins, the security expert who removed the malware from Belgacom's networks. He's also gone on to tell The Intercept that "having analyzed this malware" he's "convinced Regin is used by British and American intelligence services."

The original surveillance of Belgacom by U.K. security saw them use malware to send employees to fake LinkedIn pages, which then gave spies control of the systems. The GCHQ and NSA have declined to comment on the news.


It remains unclear if British and American intelligence is definitely behind Regin, but it certainly looks like they could have been using the spyware. No doubt we'll find out more in the coming days. [The Intercept]