...the head of the German Federal Chancellery unit had his private laptop infected.
According to a recent report published by Der Spiegel, the laptop of the Chancellery division leader was infected with Regin – a highly advanced espionage malware program that has been linked to the National Security Agency (NSA) and its UK counterpart, the Government Communications Headquarters (GCHQ).
As The Hacker News reported almost a year ago, Regin is one of the most advanced and sophisticated malware programs, and it has been used to spy on a wide range of international targets, including:
- Internet service providers (ISPs)
- Telecommunications backbone operators
- Energy firms
- Government entities
- Research institutes
- Other high-profile individuals
…around the world since at least 2008.
Regin has dozens of modules that enable a range of functionality, including:
- Capturing screenshots
- Seizing control of an infected computer's mouse
- Stealing passwords
- Monitoring network traffic
- Recovering deleted files
- Data exfiltration
In-depth technical analysis showed that Regin bears some resemblance to the infamous espionage trojans Flame and Duqu, as well as the Stuxnet worm that the US and Israel reportedly used to sabotage Iran's nuclear program.
Files leaked by former NSA contractor Edward Snowden have further linked Regin to the NSA, specifically to a keylogging plugin dubbed QWERTY that was used in the NSA's WARRIORPRIDE framework.
The bottom line:
Regin and WARRIORPRIDE are one and the same thing.
Recent Der Spiegel reports that Regin had been discovered on the laptop of a head of the Federal Chancellery unit – the federal agency that serves the office of the Chancellor (presently Mrs Angela Merkel) – have once again strained relations between Germany and the United States.
Relations between the two had previously deteriorated when Snowden documents revealed that NSA agents tapped into Angela Merkel's mobile phone. The U.S. prosecutors in Germany investigated that claim but dropped it later in June due to insufficient evidence.
Officials have initiated an investigation into the latest discovery and aren't jumping to any conclusions yet, but it is easy to guess where their suspicions lie.
If the evidence holds up, and if Regin is indeed WARRIORPRIDE, it could worsen relations that have already turned a bit sour. However, since the tool is used by the Five Eyes countries, identifying the culprit might prove difficult.