
Regin (malware)


Regin (also known as Prax or WarriorPride) is a sophisticated malware toolkit revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at the Belgian telecommunications provider Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but that some of the earliest samples date from 2003. (The name Regin is first found on the VirusTotal website on 9 March 2011.)

Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria and Pakistan.

Kaspersky Lab has recently discovered multiple attack vectors in use. USB and BIOS modification allows the bulk of the malware to be injected through ports 1, 2, 3 and 5. Many extra services and processes are visible to the victim. The 'back room' of the creators finds collisions in SHA2 message digests, suggesting a lot of CPU time is taken up. If antivirus software delivered slightly altered updates per user (e.g. with 256 bytes of random data), collisions would have to be computed for every user.

Kaspersky has said the malware's main victims are private individuals, small businesses and telecom companies. Regin has been compared to Stuxnet and is thought to have been developed by "well-resourced teams of developers," possibly a Western government, as a targeted multi-purpose data collection tool.


Wikipedia
