The Regin Cyber Espionage Group Called the Most Advanced to Date

Regin APT is without a doubt the most advanced APT that has been reported on thus far. This is confirmed by numerous reports (example, another example) by various independent organizations studying the case of Regin (read as “Reagan”). “The general consensus is that Regin is the work of a well-funded nation-state, though it’s impossible to point a finger at any particular country and blame them with certainty,” reads the introduction paragraph of a blog post by Kaspersky.

The Regin group focused on many of the common types of targets: telecommunications, governments, multi-national political bodies, academic organizations, financial institutions, and professionals from the fields of mathematics and cryptography. What sets the Regin APT campaign apart from the rest? They focused on at least one GSM provider – an older standard for most mobile networks around the world. It’s essentially a predecessor of the more recent 3G and 4G networks.

“This means that they could have had access to information about which calls are processed by a particular cell, redirected these calls to other cells, activated neighbor cells and performed other offensive activities. At the present time, the attackers behind Regin are the only ones known to have been capable of preforming such operations,” states the Kaspersky report.

It was suggested that the Regin operation was conducted by the United States’ NSA and the British GCHQ, but many try to only indirectly imply this.

If you are interested in more details about the attacks (and there is a lot of interesting information) have a look at this great article by the WIRED Magazine