Strider spying group targets Russia, China, Belgium and Sweden

Strider spying collective hacks an eclectic mix of victims

A secretive spying collective that appears to like Lord of the Rings has attacked an embassy in Belgium and an airline in China, among other targets.

Security firm Symantec only recently discovered the stealthy group, dubbed Strider, after finding it has targeted a select number of organisations in China, Russia, Belgium and Sweden over the past five years.

Symantec described the Strider group as "highly selective" and has only found evidence of 36 infections, which affected just seven targets. The majority of these were individuals and organisations in Russia, but also included an airline in China, an organisation in Sweden and an embassy in Belgium.

The attacks are executed using a piece of sophisticated malware known as Remsec, which Symantec described as "a stealthy tool that appears to be primarily designed for spying purposes including a keylogger, network listener, a basic and an advanced pipe back door, and an HTTP back door".

One unique quirk the researchers did discover in the keylogger module's code, however, is a reference to Sauron, the primary antagonist in the Lord of the Rings saga, who appears in the series as a single all-seeing eye. This is, presumably, a joke on the part of the creators, given the module's capability to spy on every keystroke made on the infected computer.

Symantec did not name the targets, nor which nation the embassy in Belgium represented, but said in a blog post: "The [group's] ... targets have been mainly organisations and individuals that would be of interest to a nation state's intelligence services."

The security firm has also declined to speculate as to which nation state could be the originator of the attacks, but said it will continue to search for more Remsec modules and targets in order to increase its understanding of Strider's operations.
