posted at 00:50
Author Name: Rob Lever
Advanced cyberspying tool dates from 2008
The security firm Symantec said the malware, known as Regin, was seen "In systematic spying campaigns against a range of international targets," including governments infrastructure operators, businesses, researchers and private individuals. Symantec said the malware shares some characteristics with the Stuxnet worm- a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran's nuclear program. Because of its complexity, the Symantec researchers said in a blog post that the malware "Would have required a significant investment of time and resources, indicating that a nation state is responsible." Around half of all infections occurred at addresses belonging to Internet service providers, but Symantec said it believes the targets of these infections were customers of these companies rather than the companies themselves. Symantec said some targets may have been tricked into visiting spoofed versions of well-known websites to allow the malware to be installed, and in one case it originated from Yahoo Instant Messenger. Last month, separate teams of security researchers said the Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere. One team of researchers led by the security firm Novetta Solutions said it identified a hacker group believed to act "On behalf of a Chinese government intelligence apparatus." A separate report by the security frim FireEye said a long-running effort to hack into US defense contractors, Eastern European governments and European security organizations is "Likely sponsored by the Russian government."

Posts Archive