Regin: a malicious platform to spy on GSM networks
by Marcelo Lozano • 2014/11/25
Regin: a malicious platform to spy on GSM networks | IT Connect Latin American Chapter http://ow.ly/ERYwF
http://itclat.com/2014/11/25/regin-666/
translated by Federico Dilla
inspired by Marcelo Lozano
The Global Research and Analysis Team at Kaspersky Lab has published its research on Regin, the first known cyber-attack platform able to penetrate and control GSM networks in addition to other "standard" cyber-espionage tasks.
The attackers behind this platform have compromised computer networks in at least 14 countries around the world, including Brazil.
The main victims of this actor are: telecom operators, governments, financial institutions, research organizations, multinational political organizations and individuals involved in advanced math / encryption research.
• The victims of this actor have been found in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Syria and Russia.
• The Regin platform consists of multiple malicious tools capable of compromising the entire network of an attacked organization. The platform uses an incredibly complex method of communication between infected networks and command and control servers, which allows remote control and covert data transmission.
• One Regin module in particular is able to monitor GSM base station controllers, gathering data on GSM cells and the network infrastructure.
• Over the course of a single month, April 2008, the attackers collected administrative credentials that allowed them to manipulate a GSM network in a Middle Eastern country.
• Some of the earliest samples of Regin appear to have been created as early as 2003.
In the spring of 2012, Kaspersky Lab became aware of the Regin malware, which seemed to belong to a sophisticated cyber-espionage campaign. For almost three years Kaspersky Lab tracked this malware worldwide. Occasionally, samples appeared on various multi-scanner services, but they were unrelated to one another, cryptic in functionality and devoid of context. However, Kaspersky Lab was able to obtain samples involved in several real attacks around the world, including those against government institutions and telecom operators, and this provided sufficient information to investigate the threat in more depth.

As a result, the study found that Regin is not just a single malicious program but a platform: a software package consisting of several modules that can infect the entire network of a target organization and take complete remote control at all possible levels. The purpose of Regin is to collect confidential data from the attacked networks and to carry out various other types of attacks.

The actor behind the Regin platform has a well-developed method for controlling infected networks. Kaspersky Lab observed several compromised organizations in one country, but only one of them was programmed to communicate with the command and control server located in another country.

However, all of the Regin victims in the region were connected by a peer-to-peer VPN network and were able to communicate with each other. In this way, the attackers turned the compromised organizations into one vast unified victim and were able to send commands and steal information through a single entry point. According to Kaspersky Lab's research, this structure allowed the actor to operate silently for years without arousing suspicion.
The most original and interesting feature of the Regin platform is its ability to attack GSM networks. According to an activity log of a GSM Base Station Controller obtained by Kaspersky Lab researchers during the investigation, the attackers were able to obtain credentials that allowed them to control the GSM cells in the network of the largest cellular operator. This means they could have had access to information about the calls processed by a particular cell, redirected those calls to other cells, activated neighboring cells and performed other offensive activities. At present, the attackers behind Regin are the only ones known to have been able to perform these operations.
"The ability to penetrate and control GSM networks is perhaps the most unusual and interesting aspect of these operations. In today's world, we have become too dependent on mobile networks based on old communication protocols with little or no security available to the end user. Although all GSM networks have built-in mechanisms that allow institutions such as the police to track down suspects, other parties can hijack this ability and abuse it to launch various attacks against mobile users," said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.