According to a new report published over the weekend, German authorities have opened an investigation to determine whether the head of the German Federal Chancellery unit had his laptop infected with Regin, a highly sophisticated suite of malware tools that has been directly linked to the NSA and its British counterpart, the Government Communications Headquarters.
Regin, the malware officials are looking for, is among the most advanced pieces of malware ever discovered, with dozens of modules built for targeting specific industries, including telecommunications, hospitality, energy, airline and research. Regin’s innards are strikingly similar to previously discovered state-sponsored malware, including the espionage trojans dubbed Flame and Duqu, as well as Stuxnet, a massive computer worm the US and Israel reportedly unleashed in hopes of disrupting Iran’s nuclear program.
According to research published last year by security firm Kaspersky Lab, Regin has been used to successfully infect more than 100 targets since it made its debut back in 2008. The researchers said the targets included Belgacom, the partially state-owned Belgian telecom, and Jean-Jacques Quisquater, a well-known Belgian cryptographer. Documents leaked by former NSA contractor Edward Snowden have even linked Regin to the NSA, specifically tying the malware to an NSA attack tool dubbed QWERTY. According to the German publication Der Spiegel, QWERTY is a keylogging plugin that is part of a much larger framework that the Snowden documents label WARRIORPRIDE. Regin and WARRIORPRIDE are believed to be the same thing.
Kaspersky’s 2014 investigation into Regin is what led researchers to stumble upon The Equation Group, the name Kaspersky gave to the hacker group believed to have NSA ties that operated under the radar for nearly 14 years before being discovered. The Equation Group is arguably the most sophisticated hacking team that has ever come to light. Its near-superhuman hacking feats include infecting a target’s hard drive using two zero-day vulnerabilities that were later included in Stuxnet, along with the ability to use web redirects to target iPhone users.
And now, over the weekend, Der Spiegel is reporting that Regin has been discovered infecting a laptop owned by the head of the Unit of the Federal Chancellery. The federal agency serves the office of the Chancellor directly. The Regin discovery comes alongside two other documents uncovered in 2013 showing that German Chancellor Angela Merkel had her phone lines tapped by the NSA. Prosecutors in Germany investigated the claims but dropped the case in June, citing insufficient evidence.
Amid the news, the Federal Prosecutor’s Office has opened an investigation into the latest Regin malware discovery. Thus far, German officials have released no information and no estimate of when the investigation may be complete. Following the Merkel incident, German-US relations were in murky water for quite some time. If the new reports that the highly sophisticated, NSA-linked Regin malware infected a top German official’s computer prove true, it isn’t likely to help the two countries mend any wounds.