Symantec's shocking report on the Regin malware in November opened the latest chapter in the annals of international espionage. Since at least 2008, Regin has targeted mainly GSM cellular networks to spy on governments, infrastructure operators, research institutions, corporations, and private individuals. It can steal passwords, log keystrokes and read, write, move and copy files.
The sophistication of the malware suggests that, like the Stuxnet worm discovered in 2010, it was developed by one or several nation-states, quite possibly the U.S. It has spread to at least 10 countries, mainly Russia and Saudi Arabia, as well as Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.
If Regin really is at least six years old, it means that sophisticated surveillance tools are able to avoid detection by security products for years, a chilling thought for anyone trying to protect his data.