Little known hacking group Strider conducting cyber espionage against Belgium, China, Russia, others
09 Aug 2016
A so far unknown hacking group called Strider has been conducting cyber espionage against selected targets in Belgium, China, Russia and Sweden, Symantec said.
According to the security firm, the product of the espionage would be of interest to a nation state's intelligence services.
The group uses a malware called Remsec that appears primarily to have been designed for espionage, rather than as ransomware or any other nefarious software.
Symantec has linked Strider with a group called Flamer which deploys similar attack techniques and malware.
"Strider has been active since at least October 2011. The group has maintained a low profile until now and its targets have been mainly organisations and individuals that would be of interest to a nation state's intelligence services," said Symantec in a blog post.
"Symantec obtained a sample of the group's Remsec malware from a customer who submitted it following its detection by our behavioural engine."
Strider had been selective in its targeting so far, with 36 infections across seven organisations in four countries, with Russia accounting for four of those seven organisations.
"The Remsec malware used by Strider has a modular design. Its modules work together as a framework that provides the attackers with complete control over an infected computer, allowing them to move across a network, exfiltrate data and deploy custom modules as required," said Symantec.
Remsec spyware lived within the network of an organisation rather than being installed on individual computers, which gives attackers complete control over infected machines, researchers said. It allowed keystroke logging and the theft of files and other data.
The Remsec code also contained a reference to Sauron, the all-seeing title character in The Lord of the Rings trilogy, Symantec said. Another leading character in the fantasy novels was called Strider.
According to Orla Fox, Symantec's Dublin-based director of security response who spoke to Reuters, the discovery of a new class of spyware like Remsec was a relatively rare event, and only one or two such campaigns detected every year.
