Regin state-sponsored malware traced to UK, US spies: report

An advanced strain of malware discovered over the weekend may have been used by Britain's Government Communications Headquarters (GCHQ) spy agency in attacks on Belgian telco Belgacom, according to analysis by The Intercept.

A Belgian security expert hired to clean out the Regin infection from the partly state-owned Belgacom's networks told The Intercept he was certain that Regin was used by British and American intelligence services.

Symantec did not identify in its report what parties it believed was behind the advanced malware, nor did the security vendor mention its targets by name, only by country.

A spokesperson for Symantec confirmed to iTnews that no samples had been found outside the ten countries mentioned in the report, with none seen in "Five-Eyes" intelligence alliance countries Australia, UK, US, Canada or New Zealand.

Regin was also found on European Union computers under surveillance by the US National Security Agency (NSA), as revealed by its former contractor Edward Snowden last year, although the malware was not identified at the time.

Faked LinkedIn and Slashdot pages were used to infect Belgacom users' computers with the stealthy malware, in order to steal information.

The malware may have a longer history than thought. Security researchers Morgan Marquis-Boire and Claudio Guarnieri working together with The Intercept traced some of Regin's components back to 2003, and the malware was first named on the VirusTotal scanning site in 2011.

Regin is being made available for download by The Intercept to the public for further research and analysis.

Neither GCHQ nor NSA would comment on the two agencies being linked to the Regin malware.