Friday, 28 June 2019 10:20

Regin malware used in Western spying on Russian firm


Western intelligence agencies, which have been accusing China and Russia of spying on their nations, reportedly infiltrated the Russian search firm Yandex last year, using Windows malware known as Regin that has been identified as having been created and used by the NSA and Britain's GCHQ.

The use of Regin was first revealed by NSA whistleblower Edward Snowden and later described by Russian security firm Kaspersky and the American cyber security company Symantec.

The malware, which Symantec described in 2014 as "a complex piece of malware whose structure displays a degree of technical competence rarely seen", has also been used by the other so-called Five Eyes countries, Canada, Australia and New Zealand, a Reuters report said on Friday.

The Symantec analysis of 2014 said further, "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state."

Kaspersky's analysis at the same time said: "Regin is a cyber-attack platform which the attackers deploy in the victim networks for ultimate remote control at all possible levels." The company identified victims of Regin in 14 countries at the time: Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria.


Yandex had more than 108 million monthly users in Belarus, Kazakhstan and Turkey, Reuters reported, citing anonymous sources.

The attackers hit Yandex between October and November 2018 and were said to be looking for the way Yandex authenticates user accounts, apparently in order to pose as Yandex users and access other people's messages.

The Intercept reported on Regin back in 2014, based on information from Snowden which pointed to the malware being used against the Belgian telco Belgacom. The same malware was found on computers belonging to the EU that had been targeted by the NSA.

The version of Regin found on the Yandex systems had a good deal of new code and Kaspersky established its identity, the Reuters report said.

Kaspersky was contacted for its reaction, but the company said it had no comment to make.


A diagram of the Regin platform. Courtesy Kaspersky

Symantec, quoted in the Reuters report, said it had also found a new version of Regin. iTWire has contacted the company for comment.

It is rare for American advanced persistent threats to be identified in this manner. About the only company which did so was Kaspersky and, after it was barred from selling products to the US public sector, it too has maintained a veil of silence.

The last time Kaspersky revealed an American spy operation was at its annual Security Analyst Summit in 2018 when it revealed details of an operation known as Slingshot.

Sometime later, Slingshot was claimed to be an operation run by the Joint Special Operations Command, a part of the Special Operations Command. Slingshot was said to be used by US military and intelligence personnel to collect information about terrorists.



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
