"Regin" cyber espionage networks work in progress GSM telephony
Various Security Alerts Technical corner FaraVirusi lifestyle Spam Interviews News Reviews Video Optimization System Backup and Data Recovery HDD Defragmenter Partitioning Tips & Tricks Products Security Other Security work in progress Solutions Antispyware Firewall settings Guide Recommended Online Privacy (Online Privacy) Privacy Protection Parental Control Smartphone Security AntiVirus Software Security Suite Beta Testing comparative tests Promotions Promotions Contests Contests Panda Free licenses eMAG promotional discounts Cleaners Phishing & Viruses Virus Alert Rogue Websites infected
Team Global Research and Analysis Team at the Kaspersky Lab published a research report on Regin, the first cyber attack platform that allows attackers to access and monitor GSM networks, work in progress in addition to other activities of cyber espionage. The attackers behind Regin compromised computer networks in at least 14 different countries. The main victims of Regin operation are: telecom operators, financial institutions and government research organizations, political organizations, multinational and individual users involved work in progress in research mathematics / Advanced Cryptography. Victims were located in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Syria and Russia. Regin platform consists of multiple dangerous tools that can compromise an entire organizational network. Regin platform uses a complex communication method between infected networks and command and control servers, allowing remote control work in progress and data transmission in secret. A Regin can monitor how cells control systems GSM, GSM cells and collecting data network infrastructure. In April 2008, the attackers collected administrative information that enabled them to manipulate at least a GSM network in a country in the Middle East. Some samples Regin appear to have been created since 2003.
In the spring of 2012, Kaspersky Lab experts have started analyzing work in progress malware Regin who seemed to be the instrument of a sophisticated campaign of cyber espionage. Kaspersky Lab experts have watched this malware over a period of almost three consecutive years.
From time to time, experts discovered Kaspesky Lab samples without a link on several public service scan with obscure functionality without a specific work in progress context. work in progress However, Kaspersky Lab experts have obtained some samples used in actual attacks, including attacks against work in progress government institutions and telecom operators, finding enough information to analyze this threat in detail.
Depth study showed that Regin is not just a malicious program, but a platform - a software package that consists of multiple modules that can infect target enterprise networks, in order to achieve remote work in progress control on all possible levels. The attackers behind Regin aim to collect work in progress confidential data from networks attacked.
The actor behind Regin platform has a well developed method to control infected networks. Kaspersky Lab experts work in progress have found several organizations compromised in one country, but only one of them was programmed to communicate with command work in progress and control server located in another country.
However, all victims Regin part of a VPN network peer-to-peer, being able to communicate with each other. The attackers have compromised turned all organizations in a single entity, being able to send commands and to steal information through a single access point. According to the results found by Kaspersky Lab experts, this structure allowed the attackers to operate in silence for many years, without creating suspicion.
An original and interesting feature Regin platform is its ability to attack GSM networks. According to information logged on GSM cell control system obtained by Kaspersky Lab experts during the investigation, the attackers work in progress could access data that allowed them to control cells GSM telecommunications network operator important. This means that attackers had access to information about calls processed by a particular cell, and were able to redirect the calls to other cells or to activate neighboring cells. Currently, according work in progress to the findings, the attackers behind Regin attackers are only capable of such operations. work in progress
"The ability to access and monitor GSM is perhaps the most unusual and interesting aspect of these operations," said Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab. "We have become too dependent on telephone networks
Various Security Alerts Technical corner FaraVirusi lifestyle Spam Interviews News Reviews Video Optimization System Backup and Data Recovery HDD Defragmenter Partitioning Tips & Tricks Products Security Other Security work in progress Solutions Antispyware Firewall settings Guide Recommended Online Privacy (Online Privacy) Privacy Protection Parental Control Smartphone Security AntiVirus Software Security Suite Beta Testing comparative tests Promotions Promotions Contests Contests Panda Free licenses eMAG promotional discounts Cleaners Phishing & Viruses Virus Alert Rogue Websites infected
Team Global Research and Analysis Team at the Kaspersky Lab published a research report on Regin, the first cyber attack platform that allows attackers to access and monitor GSM networks, work in progress in addition to other activities of cyber espionage. The attackers behind Regin compromised computer networks in at least 14 different countries. The main victims of Regin operation are: telecom operators, financial institutions and government research organizations, political organizations, multinational and individual users involved work in progress in research mathematics / Advanced Cryptography. Victims were located in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Syria and Russia. Regin platform consists of multiple dangerous tools that can compromise an entire organizational network. Regin platform uses a complex communication method between infected networks and command and control servers, allowing remote control work in progress and data transmission in secret. A Regin can monitor how cells control systems GSM, GSM cells and collecting data network infrastructure. In April 2008, the attackers collected administrative information that enabled them to manipulate at least a GSM network in a country in the Middle East. Some samples Regin appear to have been created since 2003.
In the spring of 2012, Kaspersky Lab experts have started analyzing work in progress malware Regin who seemed to be the instrument of a sophisticated campaign of cyber espionage. Kaspersky Lab experts have watched this malware over a period of almost three consecutive years.
From time to time, experts discovered Kaspesky Lab samples without a link on several public service scan with obscure functionality without a specific work in progress context. work in progress However, Kaspersky Lab experts have obtained some samples used in actual attacks, including attacks against work in progress government institutions and telecom operators, finding enough information to analyze this threat in detail.
Depth study showed that Regin is not just a malicious program, but a platform - a software package that consists of multiple modules that can infect target enterprise networks, in order to achieve remote work in progress control on all possible levels. The attackers behind Regin aim to collect work in progress confidential data from networks attacked.
The actor behind Regin platform has a well developed method to control infected networks. Kaspersky Lab experts work in progress have found several organizations compromised in one country, but only one of them was programmed to communicate with command work in progress and control server located in another country.
However, all victims Regin part of a VPN network peer-to-peer, being able to communicate with each other. The attackers have compromised turned all organizations in a single entity, being able to send commands and to steal information through a single access point. According to the results found by Kaspersky Lab experts, this structure allowed the attackers to operate in silence for many years, without creating suspicion.
An original and interesting feature Regin platform is its ability to attack GSM networks. According to information logged on GSM cell control system obtained by Kaspersky Lab experts during the investigation, the attackers work in progress could access data that allowed them to control cells GSM telecommunications network operator important. This means that attackers had access to information about calls processed by a particular cell, and were able to redirect the calls to other cells or to activate neighboring cells. Currently, according work in progress to the findings, the attackers behind Regin attackers are only capable of such operations. work in progress
"The ability to access and monitor GSM is perhaps the most unusual and interesting aspect of these operations," said Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab. "We have become too dependent on telephone networks
No comments:
Post a Comment