2018: Attack on "Yandex"
On June 27, 2019 it became known that Western intelligence agencies had hacked "Yandex" to spy on user accounts. The company confirmed the attack, but assured that user data had been protected.
According to Reuters, citing informed sources, between October and November 2018 hackers working for intelligence agencies broke into "Yandex" computer systems and deployed a rare type of malware called Regin. This malware is used by the Five Eyes intelligence alliance, which includes the intelligence agencies of the USA, Great Britain, Australia, New Zealand and Canada. However, which of the five states was behind the attack on "Yandex" could not be determined, the agency's sources said.
2014: Discovery of the malware
In the fall of 2014, specialists at the antivirus company Symantec discovered the Backdoor.Regin malware, designed to steal confidential data from government institutions, utility companies, commercial organizations, research centers and individuals. The authors of the malware "displayed a level of technical competence that is rarely seen"[1].
Attacks using Regin were carried out regularly in various countries throughout the period from 2008 to 2011, as confirmed by statistics Symantec collected from infected systems. In 2011 the malware suddenly disappeared, but in 2013 it resurfaced.
Regin mostly attacks individuals and small businesses, which account for about 50% of all attacks. Attacks are also directed at telecom operators, with the aim of gaining access to phone calls in their networks.
The largest number of Regin attacks was recorded in the Russian Federation (28%) and Saudi Arabia (24%). Smaller numbers were recorded in Mexico (9%), Ireland (9%), India (5%), Afghanistan (5%), Iran (5%), Belgium (5%), Austria (5%) and Pakistan (5%).
Regin's standard functionality includes capturing screenshots, taking control of the mouse cursor, stealing passwords, monitoring network traffic and recovering deleted files. Depending on the type of target and the task, however, the attackers can select and load additional modules; there are several dozen of them in total.
One such module is designed to monitor web traffic on servers running Microsoft software, another to intercept traffic in the networks of telecommunications companies.
"The Trojan provides hackers with powerful tools for mass surveillance and has been used for espionage against government agencies, utility companies, commercial organizations, research centers and individuals," Symantec reported.
Infection with Regin occurs after the victim visits a malicious web link. In one case the malware got onto the computer through a vulnerability in the Yahoo! Instant Messenger application.
Notably, Regin is heavily protected: all of its modules are encrypted, and a non-standard encryption algorithm is used. The malware can be detected on a computer, but finding out what it does is extremely difficult, Symantec said.
Specialists assume that developing the malware took many months or even years. In their view a state is certainly behind Regin, since only a state has the resources needed to create malware of this level of complexity. The company does not speculate on where exactly the program was developed.
Regin is a multi-stage attack. Every stage except the first is encrypted, and no single stage reveals the overall attack; the complete picture emerges only when all five stages are available.
Attacks were carried out from 2008 to 2011 (Regin 1.0), after which the malware disappeared. It re-emerged in 2013 (Regin 2.0) with some significant differences: the new version is 64-bit and appears to have lost one stage.
Symantec did not find stage 3 in version 2.0, which can be explained by the fact that in version 1.0 stage 3 is a device driver, and covertly installing a device driver on 64-bit Windows, which enforces kernel driver signing, is difficult even for sophisticated attackers.
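The staged, chained-encryption design described above, as an added illustration that is not Regin's code: each stage after the first is encrypted under a key derived from the decrypted previous stage, so an analyst who holds stages 1, 2, 4 and 5 but never obtained stage 3 can read only stages 1 and 2, and the encrypted blobs of stages 4 and 5 stay opaque even though they are in hand. The cipher (SHA-256 in counter mode), the key derivation, the `STG1` stage header and the five stage bodies are toy stand-ins constructed for this example; Symantec describes Regin's real algorithm only as non-standard.

```python
import hashlib

# Toy stage header so the unpacker can distinguish a correct decryption from garbage.
# Illustrative only; not a real Regin marker.
MAGIC = b"STG1"

# Constructed sample stage bodies standing in for the five stages the text describes.
SAMPLE_STAGES = [
    b"stage1: loader stub, stored in clear",
    b"stage2: loads the next stage into the kernel",
    b"stage3: device driver",
    b"stage4: dispatcher and encrypted virtual file system",
    b"stage5: payload modules (screenshots, passwords, traffic)",
]


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode as a toy stream cipher (a stand-in, not Regin's own algorithm)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def stage_key(prev_plain: bytes) -> bytes:
    """The key for stage N is derived from the decrypted stage N-1, so a stage is only
    readable once every earlier stage has been recovered in order."""
    return hashlib.sha256(b"stage-key|" + prev_plain).digest()


def build_chain(bodies):
    """Stage 1 stays in clear; each later stage is MAGIC + body encrypted under the
    key derived from the previous stage's plaintext."""
    blobs = [bodies[0]]
    prev_plain = bodies[0]
    for body in bodies[1:]:
        plain = MAGIC + body
        blobs.append(xor_bytes(plain, keystream(stage_key(prev_plain), len(plain))))
        prev_plain = plain
    return blobs


def unpack_chain(blobs):
    """Walk the chain from stage 1. None marks a stage the analyst does not have.
    Returns (recovered_bodies, stopped_at): stopped_at is the 1-based number of the
    first stage that could not be recovered, or None when the whole chain unpacked."""
    if not blobs or blobs[0] is None:
        return [], 1
    recovered = [blobs[0]]
    prev_plain = blobs[0]
    for number, blob in enumerate(blobs[1:], start=2):
        if blob is None:
            return recovered, number          # stage missing from the sample set
        plain = xor_bytes(blob, keystream(stage_key(prev_plain), len(blob)))
        if not plain.startswith(MAGIC):
            return recovered, number          # wrong key: the real previous stage is unknown
        recovered.append(plain[len(MAGIC):])
        prev_plain = plain
    return recovered, None


def demo():
    """Full chain unpacks completely; dropping stage 3 leaves stages 4 and 5 opaque
    even though their encrypted blobs are present."""
    chain = build_chain(SAMPLE_STAGES)
    full, stop_full = unpack_chain(chain)
    partial = list(chain)
    partial[2] = None                          # analyst never obtained stage 3
    got, stop = unpack_chain(partial)
    return len(full), stop_full, len(got), stop


if __name__ == "__main__":
    print(demo())  # (5, None, 2, 3)
```

The header check is what makes a missing or substituted stage detectable rather than silently yielding garbage: a stage decrypted under the wrong key will not start with the expected marker, and the unpacker stops there instead of feeding noise into the next key derivation.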
Symantec's threat database entry for Backdoor.Trojan.GR shows that detection and protection have been provided since December 12, 2013. Presumably it was not known at the time that the threat had existed for much longer; retrospective analysis revealed its true nature and its use in earlier years.
Nevertheless, much about Regin remains unclear to researchers. For example, no reproducible infection vector has been identified, and the vector may be tailored to specific attacks.
There are also "dozens of Regin payload options" providing a set of standard capabilities: password theft, screen capture, file theft (including recovery of deleted files) and much more.
The malware uses non-standard and unusual methods to stay hidden. For example, it has its own built-in encrypted virtual file system. Symantec believes that many Regin components remain undiscovered.
Given the complexity of the threat and the considerable investment it requires, it is hard to disagree with Symantec that it looks like a state espionage tool. Symantec's chart of infections by country also shows an atypical picture.
See Also
- Censorship on the Internet. World experience
- Censorship (control) on the Internet. Experience of China
- Censorship (control) on the Internet. Experience of Russia, Roskomnadzor
- Law on regulating the Runet
- VPN and privacy (anonymity, anonymizers)
- Protection of critical information infrastructure of Russia
- Law On security of critical information infrastructure of the Russian Federation
- National Biometric Platform (NBP)
- Single Biometric System (SBS) of bank clients' data
- Biometric identification (Russian market)
- Directory of biometrics solutions and projects
- Digital economy of Russia
- Information security of the digital economy of Russia
- SORM (System for Operative Investigative Activities)
- State system of detection, prevention and elimination of consequences of computer attacks (GosSOPKA)
- National system for filtering Internet traffic (NASFIT)
- Yastreb-M Statistics of telephone conversations
- How to bypass Internet censorship at home and at the office: 5 easy ways
- Revizor - the system for monitoring the blocking of websites in Russia
- The Single Network of Data Transmission (SNDT) for state agencies (Russian State Network, RSNet)
- Data network of public authorities (SPDOV)
- Unified telecommunications network of the Russian Federation
- Electronic Government of the Russian Federation
- Cyber crime in the world
- NIST requirements
- Global cyber security index
- Cyber wars, cyber war between Russia and the USA
- Cyber crime and cyber conflicts: Russia, FSB, National Coordination Center for Computer Incidents (NKTsKI), Information Security Center (ISC) of the FSB, Directorate K of the BSTM of the Ministry of Internal Affairs of the Russian Federation, Ministry of Internal Affairs of the Russian Federation, Ministry of Defence of the Russian Federation, National Guard of the Russian Federation
- Cyber crime and cyber conflicts: Ukraine
- Cyber crime and cyber conflicts: USA, CIA, NSA, FBI, US Cybercom, U.S. Department of Defense, NATO, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA)
- Cyber crime and cyber conflicts: Europe, ENISA
- Cyber crime and cyber conflicts: Israel
- Cyber crime and cyber conflicts: Iran
- Cyber crime and cyber conflicts: China
- How the USA spied on chip production in the USSR
- Security risks of communication in a mobile network
- Information security in banks
- Digital transformation of Russian banks
- Overview: IT in banks 2016
- Central Bank policy on information security (cyber security)
- Losses of organizations from cyber crime
- Losses of banks from cyber crime
- IT development trends in insurance (cyber insurance)
- Cyber attacks
- Overview: Security of information systems
- Information security
- Information security (world market)
- Information security (Russian market)
- The main trends in information security
- Information security software (world market)
- Information security software (Russian market)
- Pentesting
- Cybersecurity - Encryption tools
- Cryptography
- VPN - Virtual private networks
- Security incident management: problems and their solutions
- Authentication systems
- Law on personal data No. 152-FZ
- Personal data protection in the European Union and the USA
- Prices of user data on the cybercriminal market
- Jackpotting
- Ransomware (encryptors)
- WannaCry (ransomware)
- Petya/ExPetr/GoldenEye (ransomware)
- Malware
- APT - Targeted attacks
- DDoS and DeOS
- Attacks on DNS servers
- DoS attacks on content delivery networks (CDN)
- How to protect against a DDoS attack. TADetails
- Rootkit
- Fraud Detection System (antifraud, fraud detection system)
- Directory of antifraud solutions and projects
- How to choose an antifraud system for a bank? TADetails
- Security Information and Event Management (SIEM)
- Directory of SIEM solutions and projects
- What a SIEM system is useful for and how to implement it
- What a SIEM system is needed for and how to implement it. TADetails
- Intrusion detection and prevention systems
- Protection against local threats (HIPS)
- Protection of confidential information from internal threats (IPC)
- Phishing, DMARC, SMTP
- Trojan
- Bots, botnets
- Backdoor
- Worms, Stuxnet, Regin
- Flood
- Data loss prevention (DLP)
- Skimming (shimming)
- Spam
- Sound attacks
- Antispam software solutions
- Classical file infectors
- Antiviruses
- Cybersecurity: means of protection
- Backup systems
- Backup systems (technologies)
- Backup systems (security)
- Firewalls