An unidentified nation may have developed a "highly complex" surveillance tool that targeted companies and other victims in at least 10 countries including Russia and Mexico, Symantec Corp researchers said.
The tool, a malware dubbed "Regin," has been used in intelligence gathering since at least 2008, according to a report on Monday from Symantec, the biggest maker of security software. While almost half of the infections affected individuals and small companies, the malware also targeted the telecommunications and hospitality industries, Symantec said. Governments and research institutes were also among the victims.
"Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen," the Mountain View, California-based company said on its blog on Monday. "Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state."
Regin features anti-forensics capabilities and a custom-built encrypted virtual file system that make the software highly inconspicuous, according to the report. Russia and Saudi Arabia were the two most frequently targeted countries, followed by Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan, Symantec said.
Symantec, best known among consumers for its Norton antivirus software, announced October 10 that it will break into two publicly traded companies by the end of 2015, one focused on cyber-security and the other data storage. The split will unwind Symantec's acquisition of data-storage maker Veritas Software Corp for $10.2 billion in 2005.
