Regin (malware)

Regin (also known as Prax or QWERTY) is a sophisticated malware and hacking toolkit used by the United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ).[1][2][3] It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014.[4][5] The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, GCHQ.[6][7][8] The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom.[5] Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003.[9] (The name Regin is first found on the VirusTotal website on 9 March 2011.[5]) Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.[10]

Kaspersky has said the malware's main victims are private individuals, small businesses and telecom companies. Regin has been compared to Stuxnet and is thought to have been developed by "well-resourced teams of developers", possibly a Western government, as a targeted multi-purpose data collection tool.[11][12][13]

According to Die Welt, security experts at Microsoft gave it the name "Regin" in 2011, after the cunning Norse dwarf Regin.[14]

  1. Cite error: The named reference nsa-und-gchq was invoked but never defined.
  2. "Experts Unmask 'Regin' Trojan as NSA Tool". Spiegel.de. Retrieved 9 November 2021.
  3. Zetter, Kim. "Researchers Uncover Government Spy Tool Used to Hack Telecoms and Belgian Cryptographer". Wired. ISSN 1059-1028. Retrieved 22 February 2022.
  4. "Regin Revealed". Kaspersky Lab. 24 November 2014. Retrieved 24 November 2014.
  5. Cite error: The named reference intercept20041124 was invoked but never defined.
  6. "Top German official infected by highly advanced spy trojan with NSA ties". 26 October 2015.
  7. Perlroth, Nicole (24 November 2014). "Symantec Discovers 'Regin' Spy Code Lurking on Computer Networks". New York Times. Retrieved 25 November 2014.
  8. Gallagher, Ryan (13 December 2014). "The Inside Story of How British Spies Hacked Belgium's Largest Telco". The Intercept.
  9. "Regin: a malicious platform capable of spying on GSM networks". Kaspersky. 24 November 2014.
  10. "Regin: Top-tier espionage tool enables stealthy surveillance". Symantec. 23 November 2014. Retrieved 25 November 2014.
  11. "BBC News - Regin, new computer spying bug, discovered by Symantec". BBC News. 23 November 2014. Retrieved 23 November 2014.
  12. "Regin White Paper" (PDF). Symantec. Archived from the original (PDF) on 7 September 2019. Retrieved 23 November 2014.
  13. "Regin White Paper" (PDF). Kaspersky Lab. Retrieved 24 November 2014.
  14. Benedikt Fuest (24 November 2014). "Ein Computervirus, so mächtig wie keines zuvor". Die Welt. Archived from the original on 28 November 2014.