Symantec Discovers New Cyber Espionage Tool Malware Known As ‘Reign’

Symantec Discovers New Cyber Espionage Tool Malware Known As 'Reign'(Ping! Zine Web Tech Magazine) – Security firm Symantec has uncovered a new malware that has been used to spy on governments, businesses, researchers, and private companies since 2008.

The back door type malware, known as ‘Reign,’ is believed to be a cyber espionage tool used by a nation state due to the complex and technical nature of the malware.

“Reign is a multi-stages threat and each stage is hidden and encrypted, with the exception of the first stage,” says the company via blog post. “Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages.  Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”

Symantec notes that almost half of users affected by Reign are private individuals and small businesses, with 28 percent of targeted users coming from telecom companies in order to gain access to users private calls. Others affected by the malware include those in hospitality, energy, airline, and research.

Additionally, the malware is geographically dispersed, with more than half of the infections occurring in Russia and Saudi Arabia. Other countries such as Mexico, Ireland, India, and Afghanistan are also targeted.

Reign was first discovered dating as far back as 2008, in which it was removed in 2011, though a new version resurfaced in 2013 where it is currently used today.

More information can be found here.