Security experts have warned about groundbreaking malware that has been used to spy on international targets for six years.

Known as Regin, the back-door Trojan is what security firm Symantec called "a complex piece of malware whose structure displays a degree of technical competence rarely seen."

The stealthy, customizable software is built on a framework meant for long-term intelligence-gathering operations, and has been used to spy on government organizations, infrastructure operators, businesses, academics, and individuals.

Its most common targetswhich may be tricked into visiting a spoofed version of popular websites, where the threat is installedare private individuals and small businesses, most of whom are located in Russia and Saudi Arabia.

"Regin is a highly complex threat which has been used in systematic data collection or intelligence gathering campaigns," Symantec said in a blog post. "The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible."

Some custom payloads are highly advanced, suggesting that those who developed Regin have access to a lot of resources. Still, there is no word yet on who might be behind it.

Using a modular approach, the malware is able to load custom features tailored to each target; it then follows a five-stage chain of decryption. But Regin is cloaked in such a thick veil of secrecy that there is no telling how long it's been running espionage campaigns.

Symantec began investigating this threat in the fall of 2013, and has uncovered two distinct versions of Regin: Version 1.0, used between 2008 and 2011, and Version 2.0, used from 2013 onwards.

"The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering," the security firm said. "Symantec believes that many components of Regin remain undiscovered and additional functionality and versions may exist."

Symantec promised to post updates on future discoveries.

UPDATE: According to The Intercept, Regin can be traced to U.S. and U.K. officials, much like Stuxnet. The Intercept pointed to the 2013 hacking of Belgian telecom firm Belgacom, which was revealed by documents leaked by Edward Snowden. "The specific malware used in the attacks has never been disclosed, however," the site said. Until now.
