Regin

  • First known sample

    2003
  • Discovery

    2012
  • Number of targets

    1-100
  • Current status

    Active
  • Type

    Complex cyberattack platform, Rootkit, Trojan
  • Targeted platforms

    Windows
  • Top targeted countries

    Afghanistan, Algeria, Belgium, Brazil, Fiji, Germany, India, Indonesia, Iran, Kiribati, Malaysia, Pakistan, Russia, Syria
  • Propagation method

    USB drives
  • Purpose/Functions

    Cyberespionage, Facilitating other types of attacks, Remote control
  • Special features
    Regin – the first cyber-attack platform known to penetrate and monitor GSM networks in addition to other “standard” spying tasks.
  • Targets

    Academia/Research, Financial institutions, Government entities, Multi-national political bodies, Specific individuals, Telecoms
  • Artefacts/Attribution
    Considering the complexity and cost of Regin development, it is likely that this operation is supported by a nation-state.
  • Description

    A malware toolkit designed primarily for intelligence gathering that has been facilitating attacks since 2012. The initial infection method is still unknown, but once inside, the cyber-attack platform is deployed to give the attackers remote control at all levels. Victims are primarily representatives of government, political bodies, research institutions, and financial organizations from the Middle East and Europe.
