Strider spying group targets Russia, China, Belgium and Sweden

Strider spying collective hacks an eclectic mix of victims

A secretive spying collective that appears to like Lord of the Rings has attacked an embassy in Belgium and an airline in China, among other targets.

Security firm Symantec only recently discovered the stealthy group, dubbed Strider, after finding it has targeted a select number of organisations in China, Russia, Belgium and Sweden over the past five years.

Symantec described the Strider group as "highly selective" and has only found evidence of 36 infections, which affected just seven targets. The majority of these were individuals and organisations in Russia, but also included an airline in China, an organisation in Sweden and an embassy in Belgium.

The attacks are executed using a piece of sophisticated malware known as Remsec, which Symantec described as "a stealthy tool that appears to be primarily designed for spying purposes including a keylogger, network listener, a basic and an advanced pipe back door, and an HTTP back door".

One quirk the researchers discovered in the keylogger module's code is a reference to Sauron, the primary antagonist in the Lord of the Rings saga, who appears in the series as a single all-seeing eye. This is, presumably, a joke on the part of the creators, given the module's capability to spy on every keystroke made on the infected computer.

Symantec did not name the targets, nor which nation the embassy in Belgium represented, but said in a blog post: "The [group's] ... targets have been mainly organisations and individuals that would be of interest to a nation state's intelligence services."

The security firm has also declined to speculate as to which nation state could be the originator of the attacks, but said it will continue to search for more Remsec modules and targets in order to increase its understanding of Strider's operations.
