Germany probes alleged new case of US espionage: Regin malware infected Gov laptop

Pierluigi Paganini October 25, 2015

The German authorities have launched a probe into allegations of a new case of US espionage after finding a laptop infected with the Regin spyware.

The German authorities have launched a probe into allegations of a new cyber-espionage campaign that is suspected to be linked to US intelligence.

The news was revealed by the German newspaper Der Spiegel, the same publication that issued the report on alleged US snooping on Chancellor Angela Merkel’s mobile phone in June.

Der Spiegel reports that Germany’s federal prosecutors are targeting unknown persons for “espionage activities.”

This time, the attackers targeted the personal laptop of a department chief in the chancellery, which was infected with the powerful Regin spyware.

Many experts have linked the Regin malware to the Five Eyes alliance. They found alleged references to the super spyware in a number of presentations leaked by Edward Snowden, and according to malware researchers it has been used in targeted attacks against government agencies in the EU and the Belgian telecoms company Belgacom.

Der Spiegel, citing cyber security experts, confirmed there “is no doubt” that Regin can be linked to the Five Eyes alliance.

The Regin Trojan was discovered on the laptop last year, and threat actors used it to exfiltrate sensitive data from the targeted computer.

“We can confirm that there is an inquiry” relating to “malicious software” called Regin, a spokeswoman for the federal prosecution service told AFP, declining to confirm other details from the Spiegel report.

In November 2014, security experts at Symantec uncovered the Regin backdoor, a highly advanced spying tool used in cyber espionage campaigns against governments and infrastructure operators.

The Regin malware has been around since at least 2008. Most Regin infections were observed in Russia (28%) and Saudi Arabia (24%), but other attacks were spotted in Iran, Ireland, India, Afghanistan, Austria, Belgium, Mexico, and Pakistan.

In August, Symantec revealed the existence of 49 new modules of the Regin espionage platform, a circumstance that suggests that its operators are still active.

[Figure: Regin backdoor, 5 stages (Symantec)]

Stay Tuned!



Pierluigi Paganini

(Security Affairs – Regin, espionage)
