Regin: A Malicious Platform Capable Of Spying on GSM Networks

Quick facts: 
LONDON, (informazione.it - comunicati stampa - information technology)

Quick facts: 

In spring 2012 Kaspersky Lab experts became aware of Regin malware, which seemed to belong to a sophisticated espionage campaign. For almost three subsequent years Kaspersky Lab's experts tracked this malware all over the world. From time to time, samples would appear on various multi-scanner services, but they were all unrelated to each other, cryptic in functionality and lacking context. However, Kaspersky Lab experts were able to obtain samples involved in several real world attacks, including those against governmental institutions and telecom operators, and this provided enough information to research more deeply into this threat.

The in-depth study found that Regin is not just a single malicious program, but a platform - a software package, consisting of multiple modules, capable of infecting the entire networks of targeted organisations to seize full remote control at all possible levels. Regin is aimed at gathering confidential data from attacked networks and performing several other types of attacks.

The actor behind the Regin platform has a well-developed method to control the infected networks. Kaspersky Lab experts observed several compromised organisations in one country, but only one of them was programmed to communicate with the command and control server located in another country.

However all the Regin victims in the region were joined together in a peer to peer VPN-like network and able to communicate with each other. Thus, attackers turned compromised organisations in one vast unified victim and were able to send commands and steal the information via a single entry point. According to Kaspersky Lab's research this structure allowed the actor to operate silently for years without raising suspicions.

The most original and interesting feature of the Regin platform, though, is its ability to attack GSM networks. According to an activity log on a GSM Base Station Controller obtained by Kaspersky Lab researchers during the investigation, attackers were able to obtain credentials that would allow them to control GSM cells in the network of a large cellular operator. This means that they could have had access to information about which calls are processed by a particular cell, redirect these calls to other cells, activate neighbour cells and perform other offensive activities. At the present time, the attackers behind Regin are the only ones known to have been capable of doing such operations.

"The ability to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations. In today's world, we have become too dependent on mobile phone networks which rely on ancient communication protocols with little or no security available for the end user. Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, other parties can hijack this ability and abuse it to launch different attacks against mobile users," said Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab.

Read more about the Regin platform on Securelist.com  

About Kaspersky Lab 

Kaspersky Lab is the world's largest privately held vendor of endpoint protection solutions. The company is ranked among the world's top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at  http://www.kaspersky.com.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012. 

Editorial contact:

Berkeley PR
Lauren White
[email protected]
Telephone: +44(0)118-909-0909
1650 Arlington Business Park
RG7 4SA, Reading

Kaspersky Lab UK
Ruth Knowles
[email protected]
Telephone: +44(0)7590-440-433
2 Kingdom Street
W2 6BD, London

Facebook Pinterest Linkedin Tumblr
Ufficio Stampa
 PR Newswire (Leggi tutti i comunicati)
209 - 215 Blackfriars Road
LONDON United Kingdom
Allegati
Slide ShowSlide Show
Non disponibili