link between nsa regin cyberespionage malware becomes more clear
Last Updated : GMT 06:49:16
Arab Today, arab today
Arab Today, arab today
Last Updated : GMT 06:49:16
Arab Today, arab today

Link between NSA, regin cyberespionage malware becomes more clear

Arab Today, arab today

Arab Today, arab today Link between NSA, regin cyberespionage malware becomes more clear

Keylogging malware
Tehran - FNA

Keylogging malware that may have been used by the NSA shares signficant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.
The keylogger program, likely part of an attack framework used by the US National Security Agency and its intelligence partners, is dubbed QWERTY and was among the files that former NSA contractor Edward Snowden leaked to journalists. It was released by German news magazine Der Spiegel on Jan. 17 along with a larger collection of secret documents about the malware capabilities of the NSA and the other Five Eyes partners—the intelligence agencies of the UK, Canada, Australia and New Zealand, PCworld reported.
“We’ve obtained a copy of the malicious files published by Der Spiegel and when we analyzed them, they immediately reminded us of Regin,” malware researchers from antivirus firm Kaspersky Lab said Tuesday in a blog post. “Looking at the code closely, we conclude that the ‘QWERTY’ malware is identical in functionality to the Regin 50251 plugin.”
Moreover, the Kaspersky researchers found that both QWERTY and the 50251 plug-in depend on a different module of the Regin platform identified as 50225 which handles kernel-mode hooking. This component allows the malware to run in the highest privileged area of the operating system—the kernel.
This is strong proof that QWERTY can only operate as part of the Regin platform, the Kaspersky researchers said. “Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source code, we conclude the QWERTY malware developers and the Regin developers are the same or working together.”
Der Spiegel reported that QWERTY is likely a plug-in of a unified malware framework codenamed WARRIORPRIDE that is used by all Five Eye partners. This is based on references in the code to a dependency called WzowskiLib or CNELib.
In a separate leaked document authored by the Communications Security Establishment Canada, the Canadian counterpart of the NSA, WARRIORPRIDE is described as a flexible computer network exploitation (CNE) platform that’s an implementation of the “WZOWSKI” Five Eyes API (application programming interface).
The document also notes that WARRIORPRIDE is known under the code name DAREDEVIL at the UK Government Communications Headquarters (GCHQ) and that the Five Eyes intelligence partners can create and share plug-ins for it.

 

arabstoday
arabstoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

link between nsa regin cyberespionage malware becomes more clear link between nsa regin cyberespionage malware becomes more clear

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

link between nsa regin cyberespionage malware becomes more clear link between nsa regin cyberespionage malware becomes more clear

 



GMT 21:00 2017 Monday ,09 October

Turkey urges US to review visa suspension as lira

GMT 09:21 2014 Wednesday ,17 December

5 new science-based tips on how to eat healthy

GMT 14:45 2013 Saturday ,13 July

Eman Salama ecstatic to work with Adel Emam

GMT 14:09 2016 Wednesday ,07 December

Porto, Sevilla eye clinching victories for last 16

GMT 12:39 2017 Thursday ,23 March

Liverpool great Moran dies, aged 83

GMT 08:37 2017 Wednesday ,12 April

Naima Kamel receives spring with collection

GMT 14:49 2017 Tuesday ,28 November

French international schools strike over cuts

GMT 11:34 2014 Sunday ,27 April

Best home design

GMT 19:36 2011 Friday ,11 March

Cuts threaten plans for special needs children

GMT 14:16 2017 Thursday ,23 February

Bahrain weather forecast

GMT 21:01 2013 Sunday ,18 August

Egypt police ban vigilante groups in streets

GMT 15:37 2017 Thursday ,10 August

For 'embarrassing' selfies with Mogherini
Arab Today, arab today
 
 Arab Today Facebook,arab today facebook  Arab Today Twitter,arab today twitter Arab Today Rss,arab today rss  Arab Today Youtube,arab today youtube  Arab Today Youtube,arab today youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2025 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2025 ©

arabstoday arabstoday arabstoday arabstoday
arabstoday arabstoday arabstoday
arabstoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
arabstoday, Arabstoday, Arabstoday