“Regin” Malware Spied on Companies and Governments in 10 Countries since 2008

Symantec Corp has released a report on “Regin”, an advanced backdoor-type Trojan. It infects target systems and links back to its controllers, creating a powerful surveillance apparatus that monitors systems across the world.

“Regin” has been observed infecting private companies, governments, and research institutions. While confidentiality is key and names are withheld at this time, the following graph illustrates a rough estimate of companies affected:

[Figure: Regin-targeted companies. Source: Symantec Corp]

[Figure: Regin-targeted nations (countries affected). Source: Symantec Corp]

“Regin” is one of the most advanced and complex pieces of malware ever analyzed. It is a multi-stage, modular threat that can tailor itself to almost any machine, infecting it only as much as is necessary. Each stage is encrypted until use, which makes it tough to crack.

Malware of this caliber takes a level of technical competence and development time that only a nation-state could have supplied, Symantec says, and its similarities to the infamous Stuxnet worm point to a Western source rather than the typical China/Russia. Considering that not a single target of Regin resides on British or US soil, and that most victims are located in Russia, Saudi Arabia, and Ireland, Britain is a likely source.

[1] http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
[2] http://www.theguardian.com/technology/2014/nov/24/regin-malware-western-surveillance-technology