Components of Regin Malware Toolkit May Have Been Used Independently

  • 22 January 2015

By Ionut Ilascu    22 Jan 2015
 
Some modules could have been created before 2003
 
Some of the modules used in the cyber-espionage toolkit Regin are likely to have been created before the malware platform and integrated into it as they were readily available.
 
Security researchers from Kaspersky analyzed the Hopscotch and Legspin components discovered in the Regin advanced persistent threat (APT) and determined that they could have been used separately for lateral movement and as a backdoor into systems targeted in other attacks.

 

Simple tool for lateral movement

 
According to the analysis from Costin Raiu and Igor Soumenkov, Hopscotch is an interactive tool that permits moving deeper into the targeted network. It does not contain any exploits but includes an executable file for lateral movement activity. Full Article.

1 reply

There is more information here:
 
by Michael Mimoso, January 22, 2015

The Regin malware platform used to steal secrets from government agencies, banks and GSM network operators caught the attention of security experts who called it one of the most advanced attack platforms that has been studied, surpassing Flame, Duqu, even Stuxnet.

Researchers at Kaspersky Lab said Regin could be tuned to attack large organizations or even individuals, pointing out that noted cryptographer Jean Jacques Quisquater was one of its first public victims.

Today, details about a pair of Regin modules were released by Kaspersky’s Global Research and Analysis Team: one module is used for lateral movement, while the other establishes a backdoor in order to move data off compromised machines.
 
Full Article
