Snowden documents lead to Regin and malware.

The malware  seems to be related to the QWERTY keylogger found in the Snowden documents.  The researchers claim a connection with Regin malware platform and the QWERTY keylogger noted in Snowden’s documents.

Here is a blog post on the analysis of the QWERTY keylogger to the Regin malware:

This is an important conclusion in the Securelist blogpost:

Another important observation is that Regin plugins are stored inside an encrypted and compressed VFS, meaning they don’t exist directly on the victim’s machine in “native” format. The platform dispatcher loads and executes there plugins at startup. The only way to catch the keylogger is by scanning the system memory or decoding the VFSes.

Very sophisticated and very hard to detect.


Here is also a “Connect the Dots”  event:


It is good to know your adversary, and it is clear now that Russia may be hacking with some financial gain in mind, but it is not always the only reason

In 2008 the Russo-Georgian war was also fought on the cyber-front. Even if there is no direct communication by the Russian government and various hackers, it is easy for the criminal hackers (the civilians) to get “a message” like we don’t like the country of Georgia because of A, B, or C. And we are currently attacking  Georgia, so the civilians are in the belief that they will be  in the right to attack Georgian machines.



Why do I bring this up?Because the causes and reasons may be varied but ever more sophisticated attacks are coming(if not already here) from adversaries that have deep pockets.


If you do not up your game there will be many more Sony corp events in 2015.


we are here to help you shore up the nitty gritty… Compliance, policies, testing…  the blocking and tackling of IT security

 Contact Us

By zafirt

2 thoughts on “QWERTY keylogger: “Connect the Dots””

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.