Researchers at top computer security firm Symantec have discovered another highly sophisticated piece of spying software. The Symantec team that identified this new malware is the same team that first identified Stuxnet, the weaponized software of still uncertain origin that was believed to be aimed at sabotaging Iranian nuclear efforts. Stuxnet was widely thought to be a joint effort by intelligence agencies in the US and Israel. Symantec believes the new malware, which they call “Regin,” is so sophisticated that it must have similar origins. “Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state,” Symantec writes. The Chinese government is also a possible source of “Regin,” according to speculation at Re/code.
The malware has global reach, but Symantec has found no infections in China or the US. Symantec traces Regin’s origins back to “at least” 2008. Symantec writes that Regin’s “low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing.”