A cyber snooping operation reminiscent of the Stuxnet worm and billed as the world’s most sophisticated computer malware is targeting Russian and Saudi Arabian telecoms companies.
Cyber security company Symantec said the malware, called “Regin”, is probably run by a western intelligence agency and in some respects is more advanced in engineering terms than Stuxnet, which was developed by US and Israel government hackers in 2010 to target the Iranian nuclear programme.
The discovery of the latest hacking software comes as the head of Kaspersky Labs, the Russian company that helped uncover Stuxnet, told the Financial Times that criminals are now also hacking industrial control systems for financial gain.
Organised criminals tapping into the networks that run industrial companies, alongside the development of the latest online snooping worm, are signs of the increasingly sophisticated nature of cyber attacks.
“Nothing else comes close to this . . . nothing else we look at compares,” said Orla Cox, director of security response at Symantec, who described Regin as one of the most “extraordinary” pieces of hacking software developed, and probably “months or years in the making”.
However, a western security official said it was difficult to draw conclusions about the origins or purpose of Regin. “It’s dangerous to assume that because the malware has apparently been used in a given country, it did not originate there,” the person said. “Certain states and agencies may well use tools of this sort domestically.”
Symantec said it was not yet clear how Regin infected systems but it had been deployed against internet service providers and telecoms companies mainly in Russia and Saudi Arabia as well as Mexico, Ireland and Iran.
The security software group said Regin could be customised to target different organisations and had hacked Microsoft email exchange servers and mobile phone conversations on major international networks.
“We are probably looking at some sort of western agency,” Ms Cox said. “Sometimes there is virtually nothing left behind – no clues. Sometimes an infection can disappear completely almost as soon as you start looking at it, it’s gone. That shows you what you are dealing with.”
Meanwhile, Eugene Kaspersky, chief executive of Kaspersky Labs, warned that the computer networks that control energy plants and factories are becoming targets for organised crime gangs armed with skilled hackers. He said there was evidence of “more and more very targeted attacks” of the networks that run industrial companies.
The attacks go beyond recent data breaches at US bank JPMorgan and US retailer Home Depot, in which criminals sought credit card details or personal data to attempt false transactions. Mr Kaspersky said criminals have used hacking for everything from bypassing security at ports to stealing grain from a Ukrainian factory by adjusting the digital scales to read a lower weight.
The most public incident of cyber industrial crime was exposed when Europol smashed a drugs ring last year that was hacking into the control systems of the Belgian port of Antwerp, to move containers holding drugs away from the prying eyes of customs inspectors.