Did Regin malware originate from UK and US?

The super-stealthy Regin malware, which was designed to steal national and industrial secrets and highlighted by several security firms earlier this week, could have come from the UK or US.

When Symantec first warned about this highly sophisticated malware, which can be customised extensively by the user and runs along the lines of Stuxnet, the firm said that it wasn’t at all sure of the origin of the backdoor Trojan, and that the makers had gone to great lengths to cover their tracks.

A nation state was thought responsible though, due to the complexity of the malware, and the Independent now reports that it has been linked back to US and UK intelligence agencies (so likely the NSA, and of course GCHQ).

Regin has been found to be carrying out surveillance on over 14 countries across the globe – mostly in Russia and Saudi Arabia – but none of those are the so-called ‘five eyes’ nations of the UK, US, Australia, Canada, and New Zealand, leading to the belief that one of those may be responsible (and indeed all of them may know about the project).

The Regin malware has been used in attacks against governments and major telecoms firms worldwide – it is able to tap into GSM phone networks, and redirect calls amongst other functions.

Another website, The Intercept (via Channel 4), has also claimed that there’s a link between Regin and the malware used to hack a large telecoms outfit in Belgium – with the operator in question serving the European Parliament, and allegedly it was spied upon by GCHQ. Documents from Edward Snowden’s extensive leakage showed GCHQ launched a mission in 2010 to infect Belgacom employees’ machines in order to access the telecom operator’s network.

Doubtless a lot more digging will be done now Regin has been brought into the spotlight.