Regin has compromised networks in 14 countries: Kaspersky

Regin, the first cyber attack tool to penetrate and monitor GSM networks, has compromised computer networks in at least 14 countries around the world, says Kaspersky.

The affected countries include Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Syria and Russia.

The new cyber attack targets telecom operators, governments, financial institutions, research organizations, multinational political bodies and individuals involved in advanced mathematical and cryptographic research.

Regin uses multiple malicious tools capable of compromising the entire network of an attacked organization. It uses an incredibly complex communication method between infected networks and command and control servers, allowing remote control and data transmission by stealth, Kaspersky says.


The malicious software is capable of monitoring GSM base station controllers, collecting data about GSM cells and the network infrastructure. It can also infect the entire network of a targeted organization to seize full remote control at all possible levels.

Attackers were able to obtain credentials that would allow them to control GSM cells in the network of a large cellular operator. This means that they could have had access to information about which calls are processed by a particular cell, redirected these calls to other cells, activated neighboring cells and performed other offensive activities. At the present time, the attackers behind Regin are the only ones known to have been capable of such operations, Kaspersky said.

According to Kaspersky Lab experts, there may be several compromised organizations in one country, but only one of them was programmed to communicate with the command and control server located in another country. However, all the Regin victims in the region were joined together in a peer-to-peer, VPN-like network and were able to communicate with each other. Thus, the attackers turned the compromised organizations into one vast, unified victim and were able to send commands and steal information via a single entry point. This structure allowed the actor to operate silently for years without raising suspicion.

Rajani Baburajan
