Menu
Germany probes Regin-powered cyberespionage

Germany probes Regin-powered cyberespionage

The malware program was found on the laptop of a German federal official

It looks like Chancellor Angela Merkel is not the only German official who might have been spied on by the nation's allies. The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence partners.

The German federal prosecutor's office has opened an investigation into the breach, which came to light in 2014, German news magazine Der Spiegel reported Friday. The Chancellery is the federal agency that serves Merkel's office.

Regin is one of the most sophisticated malware programs ever discovered. It has over 75 modules that enable a range of functionality, including password theft, network traffic capture, screen shot grabbing, recovery of deleted files and data exfiltration.

According to reports from several security companies, it was used to spy on Internet service providers, telecommunications backbone operators, energy firms, airlines, government entities, research institutes and private individuals around the world.

There are strong indications that Regin is a computer network exploitation (CNE) platform referred to as WARRIORPRIDE in documents leaked by former NSA contractor Edward Snowden and which is used by the intelligence agencies of the U.S., U.K., Canada, Australia and New Zealand -- known as the Five Eyes intelligence partnership.

In January, Der Spiegel released a keylogger program dubbed QWERTY from the trove of files leaked by Snowden that the magazine believed was part of WARRIORPRIDE. Researchers from antivirus firm Kaspersky Lab later analyzed the program and concluded that it was identical to a known Regin plug-in and even had code referencing a different Regin module.

Previous reports that the NSA tapped Angela Merkel's mobile phone strained relations between Germany and the U.S. Prosecutors in Germany launched an investigation into that claim, which was also based on documents leaked by Snowden, but it was later dropped due to insufficient evidence.

If Regin is indeed WARRIORPRIDE, as many security experts believe, the program's presence on a German Chancellery official's laptop is unlikely to be a coincidence. However, since the tool is used by the intelligence agencies of five different countries, identifying the perpetrator in this case might prove difficult.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments