Strider spying group targets Russia, China, Belgium and Sweden

Strider spying collective hacks an eclectic mix of victims

A secretive spying collective that appears to like Lord of the Rings has attacked an embassy in Belgium and an airline in China, among other targets.

Security firm Symantec only recently discovered the stealthy group, dubbed Strider, after finding it has targeted a select number of organisations in China, Russia, Belgium and Sweden over the past five years.

Symantec described the Strider group as "highly selective" and has only found evidence of 36 infections, which affected just seven targets. The majority of these were individuals and organisations in Russia, but also included an airline in China, an organisation in Sweden and an embassy in Belgium.

The attacks are executed using a piece of sophisticated malware known as Remsec, which Symantec described as "a stealthy tool that appears to be primarily designed for spying purposes including a keylogger, network listener, a basic and an advanced pipe back door, and an HTTP back door".


One unique quirk the researchers did discover in the keylogger module's code, however, is a reference to Sauron, the primary antagonist in the Lord of the Rings saga, who appears in the series as a single all-seeing eye. This is, presumably, a joke on the part of the creators, given the module's capability to spy on every keystroke made on the infected computer.

Symantec did not name the targets, nor which nation the embassy in Belgium represented, but said in a blog post: "The [group's] ... targets have been mainly organisations and individuals that would be of interest to a nation state's intelligence services."

The security firm has also declined to speculate as to which nation state could be the originator of the attacks, but said it will continue to search for more Remsec modules and targets in order to increase its understanding of Strider's operations.
