Sophisticated Regin Malware Could be the Child of GCHQ or NSA

By Gerald Lynch

Regin, the super-sophisticated malware tool discovered by Symantec that has been knocking about networks since 2008, may actually be a cyber warfare surveillance tool built by Britain's GCHQ and the US NSA security departments.

That's the understanding of both Wired and Kaspersky Lab, who have linked the malware to attacks on Belgian carrier Belgacom and cryptographer Jean-Jacques Quisquater. Used to spy on targets, it may have even been used to snoop on the European Commission in 2011, with the code used in that attack bearing striking similarities to the multi-part Regin.

Able to attack GSM base stations, Regin is thought to have been used to infect an entire network in one undisclosed Middle Eastern country, with the network still up and running to this day. That particular attack was so far-reaching that even the office of the country's president had been tapped. If true, it shows that GCHQ and the NSA are using custom malware as standard-issue kit, purpose-built to infiltrate the systems of protected targets. At this stage, it really shouldn't come as a surprise either. [Wired, Securelist via Engadget]