REGIN MALWARE
"Regin" is a highly advanced, sophisticated slice of malware the researchers believe was developed yesteryear patch state to spy on a wide-range of international targets including governments, infrastructure operators together with other high-profile individuals since at to the lowest degree 2008.
Regin was starting fourth dimension discovered inwards Nov 2014 yesteryear the researchers at antivirus software maker Symantec together with was said to live on to a greater extent than sophisticated than both Stuxnet together with Duqu.
The malware alleged to convey been used against targets inwards Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russian Federation together with Syria, amidst others.
The recent evidence comes from the journalists at Der Spiegel who published the root code for a malicious plan code-named 'QWERTY' – "a slice of software designed to surreptitiously intercept all keyboard keys pressed yesteryear the victim together with tape them for after inspection."
QWERTY KEYLOGGER MALWARE
The malicious plan was revealed before this calendar month when Der Spiegel mag published a detailed article on the U.S. National Security Agency's cyber espionage operations based on documents obtained from the quondam NSA contractor Edward Snowden.
The QWERTY plan is included inwards the malware products used yesteryear the NSA together with other word agencies worldwide that are component of the Five Eyes Alliance (US, Australia, Canada, New Zealand together with the United Kingdom) inwards social club to eavesdrop together with deport destructive cyber operations on targets.
QWERTY = REGIN
After examining QWERTY’s code, the safety analysts at Kaspersky Labs concluded that the keylogger’s root code tin live on linked to 'Regin,' together with that the malware developers of QWERTY together with Regin are either the same, or piece of job closely together.
Moreover, the researchers also constitute that both QWERTY together with the 50251 plug-in depend on a unlike module of the Regin platform identified every bit 50225 which relies on meat hooking functions. This strongly proves that QWERTY tin solely operate every bit component of the Regin platform.
"Considering the extreme complexity of the Regin platform together with trivial guide chances that it tin live on duplicated yesteryear somebody without having access to its sourcecodes, nosotros conclude the QWERTY malware developers together with the Regin developers are the same or working together," Costin Raiu together with Igor Soumenkov, researchers at Kaspersky’s Securelist blog, said on Tuesday.
Der Spiegel reported that QWERTY is probable a plug-in of a unified malware framework codenamed WARRIORPRIDE that is been used yesteryear all Five Eye partners. Also, it is several years old together with has probable already been replaced.
However, the link betwixt QWERTY together with Regin suggests that the cyber espionage malware platform, safety researchers telephone outcry upwards Regin, is none other than WARRIORPRIDE.
Regin tool has also been linked to hacks which targeted the International Atomic Energy Agency based inwards Republic of Austria together with the 2011 assault on European Commission computers, Spiegel said.
