• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

U.S. companies have finally gotten $71 billion in tariff refunds, but they’re using it to offset inflation caused by the Iran war

2

FedEx CEO says we are in the middle of the biggest supply chain shift he’s seen in 35 years: ‘We are the referendum’

3

Buffett says AI giants are ‘playing a game they don’t want to play’ in the AI race, reveals he was behind Berkshire’s $31 billion bet on Google

1

U.S. companies have finally gotten $71 billion in tariff refunds, but they’re using it to offset inflation caused by the Iran war

2

FedEx CEO says we are in the middle of the biggest supply chain shift he’s seen in 35 years: ‘We are the referendum’

3

Buffett says AI giants are ‘playing a game they don’t want to play’ in the AI race, reveals he was behind Berkshire’s $31 billion bet on Google
The Cloud Series

Regin, a new piece of spyware, said to infect telecom, energy, airline industries

By
DJ Summers
DJ Summers
Down Arrow Button Icon
By
DJ Summers
DJ Summers
Down Arrow Button Icon
November 23, 2014, 12:00 PM ET
185288188
PHP CodePhotograph by Scott Cartwright — Getty Images
Add Fortune on Google for similar content.

The cyber security firm Symantec on Sunday revealed that a malicious new piece of software is collecting information on individuals, companies, and government entities without their knowledge.

The malware, called Regin, is considered to be a mass surveillance and data collection tool (sometimes referred to as “spyware”). Its purpose and origin is still unclear, Symantec said, but researchers believe that the program is the work of a nation-state.

“We believe Regin is used primarily for espionage,” said Liam O’Murchu, a security researcher at Symantec. “We see both companies and individuals targeted. The ultimate goal is to listen in on phone calls or something like that. [Regin’s operators] target individuals and spread the attack to find whatever it is they’re looking for. All of these things together make us think that a government wrote it.”

Symantec (SYMC) said Regin (pronounced “re-gen,” as in “regenerate”) monitors its targets with a rarely-seen level of sophistication. Internet service providers and telecommunications companies make up the bulk of the those that are initially infected, researchers said. Regin then targets individuals of interest—in the hospitality, energy, research, and airline industries, among others—that are served by those ISPs. Regin’s operators continue to use infected companies as a springboard to gain access to more individuals. Once they gain access, they can remotely control a person’s keyboard, monitor Internet activity, and recover deleted files.

More than half of observed attacks have targeted Russia and Saudi Arabia, Symantec said. The rest are scattered across Europe, Central America, Africa, and Asia. The initial infection can come from a wide variety of sources, such as copies of popular websites or web browsers and USB drives that have been plugged into contaminated systems.

Regin has five attack stages. It begins with an initial “drop,” also called a Trojan horse (or “backdoor”) breach, that allows it to exploit a security vulnerability while avoiding detection. The first stage deploys what is called a loader, which prepares and executes the next stage; the second stage does the same to complicate detection. The third and fourth stages, called kernels, build a framework for the fifth and final stage, called the payload. That’s when it can wrest control of a computer or leap to a new victim.

Each stage prepares and executes the next, rather than deploy from a common framework. It’s similar in concept to Russian nesting dolls. Regin’s distributed structure makes it difficult for cyber security researchers to identify it without capturing information about all five stages.

The malware is made up of a system of customizable modules so that it may collect the information it needs across a number of different victims. For example, one Regin attack might capture a password from a hotel clerk’s computer while another attack may obtain remote control of another computer’s keyboard for purposes unknown. Each module is customized for one task or system, making detection and prevention of a comprehensive Regin attack difficult.

“One of the problems we have with analyzing is we don’t have all the components,” O’Murchu said. “You only get the modules set on that [particular] victim. But we know there are far more modules than what we have here. We don’t have enough information to understand. On top of that, it’s coded in a very advanced way to leave a small footprint. Anything they leave behind is encrypted. Each part is dependent on having all the parts.”

This kind of operational complexity is typically reserved for a state or a state-sponsored actor, Symantec said. Only a handful of malware programs to date have demonstrated such sophistication. In 2012, the Flamer malware used the same modular system to hit targets in the West Bank of Palestine, Hungary, Iran, and Lebanon, among other countries. Regin’s multi-stage attack pattern operates similarly to the Duqu malware and its descendent Stuxnet, the malware responsible for the disruption of Iranian nuclear facilities in 2010. O’Murchu said Regin is part of a disquieting trend of government-written and government-enacted malware.

“We often say that Stuxnet opened Pandora’s box,” O’Murchu says. “Whether that is because we know what to look for now or because there has been a genuine increase since Stuxnet is up for debate, but what we can say is that yes, we now know about a lot more scary government malware than before. It is far more pervasive, it is embedded in more organizations than we have ever seen, it is more organized than ever, and it is more capable than ever. I would say there has been an explosion in government related malware, and it doesn’t seem to be going away anytime soon.”

What makes Regin different is who it attacks. Instead of going only after high-worth targets, Regin attacks many different targets in an attempt to piece together contextual information. Of the 9% of Regin attacks in the hospitality industry, 4% targeted low-level computers, presumably for this information.

“The average person needs to be aware,” O’Murchu says. “A lot of the infections are not the final target. They are third parties providing some extra information to get to a final target. Lot of people think, ‘I don’t have anything of importance, why would anyone get on my computer?’ Ordinary people who may not think they’re targets in fact are.”

About the Author
By DJ Summers
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

Jensen Huang’s signature black leather jacket just sold at Sotheby’s for nearly $1 million—and the money is going to young tech builders
SuccessJensen Huang
Jensen Huang’s signature black leather jacket just sold at Sotheby’s for nearly $1 million—and the money is going to young tech builders
By Sydney LakeJuly 17, 2026
1 hour ago
Businesses are experimenting with cheaper Chinese AI models as U.S. rivals get more expensive
AIChina
Businesses are experimenting with cheaper Chinese AI models as U.S. rivals get more expensive
By Tatiana SatauaJuly 17, 2026
2 hours ago
NordicTrack X24 Treadmill Review (2026): Expert Reviewed
HealthFitness
NordicTrack X24 Treadmill Review (2026): Expert Reviewed
By Christina SnyderJuly 17, 2026
2 hours ago
Sarah Friar, CFO of OpenAI
AIFinance
OpenAI’s CFO: 4 questions that reveal if your AI spend is paying off
By Sheryl EstradaJuly 17, 2026
2 hours ago
Markets may have just experienced their second DeepSeek shock, this time thanks to a Chinese AI lab named after a Pink Floyd album
AsiaChina
Markets may have just experienced their second DeepSeek shock, this time thanks to a Chinese AI lab named after a Pink Floyd album
By Nicholas GordonJuly 17, 2026
2 hours ago
Raj Subramaniam, CEO of FedEx
SuccessFortune 500: Titans and Disruptors of Industry
FedEx’s CEO landed his first job by taking a roommate’s abandoned interview. Now he’s running a $75 billion shipping giant
By Emma BurleighJuly 17, 2026
2 hours ago

Most Popular

U.S. companies have finally gotten $71 billion in tariff refunds, but they’re using it to offset inflation caused by the Iran war
Economy
U.S. companies have finally gotten $71 billion in tariff refunds, but they’re using it to offset inflation caused by the Iran war
By Sasha RogelbergJuly 17, 2026
14 hours ago
FedEx CEO says we are in the middle of the biggest supply chain shift he’s seen in 35 years: ‘We are the referendum’
C-Suite
FedEx CEO says we are in the middle of the biggest supply chain shift he’s seen in 35 years: ‘We are the referendum’
By Fortune EditorsJuly 15, 2026
2 days ago
Buffett says AI giants are ‘playing a game they don’t want to play’ in the AI race, reveals he was behind Berkshire’s $31 billion bet on Google
Big Tech
Buffett says AI giants are ‘playing a game they don’t want to play’ in the AI race, reveals he was behind Berkshire’s $31 billion bet on Google
By Mia OsmonbekovJuly 16, 2026
1 day ago
26 Meta employees accuse Mark Zuckerberg of using AI to target 8,000 layoffs against workers on medical, parental or family leave
Law
26 Meta employees accuse Mark Zuckerberg of using AI to target 8,000 layoffs against workers on medical, parental or family leave
By Barbara Ortutay, Alexandra Olson and The Associated PressJuly 15, 2026
2 days ago
JPMorgan CEO Jamie Dimon says 300,000 workers are needed to rebuild American shipbuilding—with jobs paying $100,000 without a college degree
Success
JPMorgan CEO Jamie Dimon says 300,000 workers are needed to rebuild American shipbuilding—with jobs paying $100,000 without a college degree
By Preston ForeJuly 16, 2026
1 day ago
Current price of oil as of July 17, 2026
Personal Finance
Current price of oil as of July 17, 2026
By Joseph HostetlerJuly 17, 2026
11 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.