Menu
Germany probes Regin-powered cyberespionage

Germany probes Regin-powered cyberespionage

The malware program was found on the laptop of a German federal official

It looks like Chancellor Angela Merkel is not the only German official who might have been spied on by the nation's allies. The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence partners.

The German federal prosecutor's office has opened an investigation into the breach, which came to light in 2014, German news magazine Der Spiegel reported Friday. The Chancellery is the federal agency that serves Merkel's office.

Regin is one of the most sophisticated malware programs ever discovered. It has over 75 modules that enable a range of functionality, including password theft, network traffic capture, screen shot grabbing, recovery of deleted files and data exfiltration.

According to reports from several security companies, it was used to spy on Internet service providers, telecommunications backbone operators, energy firms, airlines, government entities, research institutes and private individuals around the world.

There are strong indications that Regin is a computer network exploitation (CNE) platform referred to as WARRIORPRIDE in documents leaked by former NSA contractor Edward Snowden and which is used by the intelligence agencies of the U.S., U.K., Canada, Australia and New Zealand -- known as the Five Eyes intelligence partnership.

In January, Der Spiegel released a keylogger program dubbed QWERTY from the trove of files leaked by Snowden that the magazine believed was part of WARRIORPRIDE. Researchers from antivirus firm Kaspersky Lab later analyzed the program and concluded that it was identical to a known Regin plug-in and even had code referencing a different Regin module.

Previous reports that the NSA tapped Angela Merkel's mobile phone strained relations between Germany and the U.S. Prosecutors in Germany launched an investigation into that claim, which was also based on documents leaked by Snowden, but it was later dropped due to insufficient evidence.

If Regin is indeed WARRIORPRIDE, as many security experts believe, the program's presence on a German Chancellery official's laptop is unlikely to be a coincidence. However, since the tool is used by the intelligence agencies of five different countries, identifying the perpetrator in this case might prove difficult.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments