Regin Developed By US, British Intelligence Agencies: Reports

US and British intelligence agencies have been linked to Regin, a top-tier espionage tool ,indentified by Symantec, that enables stealthy surveillance.

Regin was reportedly was used to spy on governments, businesses, researchers and individuals since 2008, Symantec said in its official blog post Monday.

According to news website The Intercept, the malware appeared to be linked to US and British intelligence, and that it was used in attacks on EU government networks and Belgium's telecom network.

The report, citing industry sources and a technical analysis of the malware, said Regin appears to be referenced in documents leaked by former National Security Agency contractor Edward Snowden about broad surveillance programs.

Asked about the report, an NSA spokeswoman told The Intercept, "We are not going to comment on speculation." 

In its blog post, Symantec said the malware shares some characteristics with Duqu and Stuxnet.

A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen.

Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals, Symantec said.

Regin infections have been observed in a variety of organizations between 2008 and 2011, after which it was abruptly withdrawn. A new version of the malware resurfaced from 2013 onwards. Targets include private companies, government entities and research institutes.

"Regin's developers put considerable effort into making it highly inconspicuous," Symantec said. "Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files."

The largest number of infections discovered -- 28 percent -- was in Russia, and Saudi Arabia was second with 24 percent. Other nations mentioned by Symantec include Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. There were no reported infections in the United States.