Spy Malware Deployed Against Russia by Unknown Nation, Report Says

The newly discovered Regin malware may serve as a reminder of how cyber warfare can be just as debilitating as physical attacks. Yevgeny Razumny / Vedomosti

Russian and Saudi Arabian telecommunications and Internet firms are being targeted by highly advanced cyber espionage malware that is likely being controlled by a Western intelligence agency, The Financial Times reported Monday.

Leading computer security company Symantec issued a statement Sunday warning about a new piece of malware known as Regin. The advanced espionage tool "displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers and private individuals."

How Regin infects computer systems remains unclear, but it has primarily been deployed against telecommunications firms and Internet service providers in Russia and Saudi Arabia, and to a lesser extent in Mexico, Ireland and Iran, The Financial Times reported, citing Symantec.

"Almost half of all infections targeted private individuals and small businesses. Attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure," Symantec wrote in its statement.

The warnings come amid a flurry of reports of increased cyber espionage as the ongoing crisis in Ukraine continues to pit Russia against many Western countries.

Concerns of cyber espionage prompted NATO to hold the world's biggest-ever cyber war games last week in Estonia, where hundreds of representatives from 28 countries tested their own ability to respond to new cyber threats, The Financial Times reported Thursday.

The newly discovered Regin malware may serve as a reminder of how cyber warfare can be just as debilitating as physical attacks. Regin, believed to have been in use since 2008, has been used for "systematic data collection or intelligence-gathering campaigns" since its creation, Symantec's statement said.

The malware's design "makes it highly suited for persistent, long-term surveillance operations against targets," the report said.

Symantec did not identify any possible culprits, but said the malware's "authors have gone to great lengths to cover its tracks," and the "capabilities and the level of resources behind Regin indicate that it is one of the main cyber espionage tools used by a nation state."

In mid-October, another cyber security company, iSIGHT Partners, released a report claiming that a large-scale cyber espionage campaign was under way against NATO, Ukrainian government agencies, Polish energy firms and American academic institutions, among others.

The so-called Sandworm malware at the center of that campaign was believed to have originated in Russia, the report said.

Meanwhile, just days after The Telegraph reported that British troops were told to be wary of Russian cyber spies using electronic devices in intelligence-gathering during upcoming drills in Poland, a spokesman for Russia's Defense Ministry denied a similar claim made in the Russian media.

Major General Igor Konashenkov refuted earlier media reports that Russian troops had been forbidden from using iPhones for fear that foreign spies could access them to monitor a soldier's location and activities at all times.

"There is no ban on using mobile telephones in Russia's armed forces, and certainly no ban on products from any specific manufacturer," Konashenkov said Monday in comments carried by state news agency RIA Novosti.

Contact the author at a.quinn@imedia.ru
