Editions:  Austria · Denmark · France · Germany · Italy · Norway · Spain · Sweden · Switzerland
Advertisement

Austria infested by IT 'super bug' Regin

Share this article

Austria infested by IT 'super bug' Regin
Photo: APA (Techt)
09:36 CET+01:00
Security researchers have discovered a highly sophisticated piece of spyware that has attacked computer systems in ten countries, including Austria.

The malware, dubbed Regin by researchers at Symantec who first discovered it, is so complex that most analysts believe it could only have been developed by a nation-state with powerful cyber attack capabilities -- such as the UK, USA, Russia, China or Israel.  

They disclosed that five percent of all infections they discovered were found in Austria.  Other countries targeted include the Russian Federation (28 percent), Saudi Arabia (24 percent), Mexico and Ireland (9 percent each), and Iran, India, Afghanistan, Belgium and Pakistan, each with five percent.

Belgium was most likely a target because its telco Belgacom handles communications for the European Union institutions, which appear to have been the target of a GCHQ operation known as "Operation Socialist."

Regin is a back-door-type Trojan, "customizable with an extensive range of capabilities depending on the target," Symantec said, adding that "it provides its controllers with a powerful framework for mass surveillance." Its development probably took months "if not years" and "its authors have gone to great lengths to cover its tracks."

The malware uses several stealth features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”

Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.

In June, Germany's Der Spiegel reported that the NSA was actively infiltrating and spying on the European Union and its senior diplomats, including those in New York and Washington, as well as at Nato in Belgium.

Some of the techniques used by the malware -- including its modular nature, and the highly valuable attack vectors used -- strongly suggest that the spy software was developed by the same country which developed Stuxnet and Duqu, widely believed to be a collaboration between the USA and Israel.

The malware has been most active in the period of 2011 until 2013, although some elements date back to 2003, according to reports.

Get notified about breaking news on The Local

Share this article

Advertisement

From our sponsors

The Swedish university where students tackle real-world problems

Ranked among the world's best young universities in the QS Top 50 Under 50, Linköping University (LiU) uses innovative learning techniques that prepare its students to tackle the challenges of tomorrow.

Advertisement
Advertisement
Jobs
Click here to start your job search
Advertisement
Advertisement

Popular articles

Advertisement

Noticeboard

Advertisement