Menu
Germany probes Regin-powered cyberespionage

Germany probes Regin-powered cyberespionage

The malware program was found on the laptop of a German federal official

It looks like Chancellor Angela Merkel is not the only German official who might have been spied on by the nation's allies. The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence partners.

The German federal prosecutor's office has opened an investigation into the breach, which came to light in 2014, German news magazine Der Spiegel reported Friday. The Chancellery is the federal agency that serves Merkel's office.

Regin is one of the most sophisticated malware programs ever discovered. It has over 75 modules that enable a range of functionality, including password theft, network traffic capture, screen shot grabbing, recovery of deleted files and data exfiltration.

According to reports from several security companies, it was used to spy on Internet service providers, telecommunications backbone operators, energy firms, airlines, government entities, research institutes and private individuals around the world.

There are strong indications that Regin is a computer network exploitation (CNE) platform referred to as WARRIORPRIDE in documents leaked by former NSA contractor Edward Snowden and which is used by the intelligence agencies of the U.S., U.K., Canada, Australia and New Zealand -- known as the Five Eyes intelligence partnership.

In January, Der Spiegel released a keylogger program dubbed QWERTY from the trove of files leaked by Snowden that the magazine believed was part of WARRIORPRIDE. Researchers from antivirus firm Kaspersky Lab later analyzed the program and concluded that it was identical to a known Regin plug-in and even had code referencing a different Regin module.

Previous reports that the NSA tapped Angela Merkel's mobile phone strained relations between Germany and the U.S. Prosecutors in Germany launched an investigation into that claim, which was also based on documents leaked by Snowden, but it was later dropped due to insufficient evidence.

If Regin is indeed WARRIORPRIDE, as many security experts believe, the program's presence on a German Chancellery official's laptop is unlikely to be a coincidence. However, since the tool is used by the intelligence agencies of five different countries, identifying the perpetrator in this case might prove difficult.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments