Sauron spyware attacking targets in Belgium, China, Russia and Sweden

A previously unknown hacking group called Strider has been conducting cyber espionage against selected targets in Belgium, China, Russia and Sweden, according to Symantec.

The security firm suggested that the product of the espionage would be of interest to a nation state’s intelligence services.

Strider uses malware known as Remsec that appears primarily to have been designed for espionage, rather than as ransomware or any other nefarious software.

Symantec has linked Strider with a group called Flamer which uses similar attack techniques and malware.

The Lord of the Rings reference is deliberate as the Remsec stealth tool contains a reference to Sauron, the necromancer and main protagonist in a number of Tolkien’s stories.

“Strider has been active since at least October 2011. The group has maintained a low profile until now and its targets have been mainly organisations and individuals that would be of interest to a nation state’s intelligence services,” said Symantec in a blog post.

“Symantec obtained a sample of the group’s Remsec malware from a customer who submitted it following its detection by our behavioural engine.”

The security company explained that Strider has been highly selective in its targeting so far, limiting it to 36 infections across seven organisations in four countries. Russia accounts for four of those seven organisations.

“The Remsec malware used by Strider has a modular design. Its modules work together as a framework that provides the attackers with complete control over an infected computer, allowing them to move across a network, exfiltrate data and deploy custom modules as required,” said Symantec.

“Remsec contains a number of stealth features that help it to avoid detection. Several of its components are in the form of executable binary large objects, which are more difficult for traditional antivirus software to detect.

“In addition to this, much of the malware’s functionality is deployed over the network, meaning it resides only in a computer’s memory and is never stored on disk. This also makes the malware more difficult to detect, and indicates that the Strider group are technically competent attackers.”

Symantec has compiled a Backdoor.Remsec: Indicators of Compromise briefing paper containing further details to help identify the threats.

Source: theinquirer.net

Similar Posts

Give War a Chance? Fake News Is Already Making It Happen in Ukraine

Give War a Chance? Fake News Is Already Making It Happen in Ukraine

Western media leads us into war in Ukraine with Russia, but don’t worry, Biden’s got the autocue working now. Western media leads us into war in Ukraine with Russia, but don’t worry, Biden’s got the autocue working now. “We’re heading for a war in Ukraine not because of Putin but because of western media provoking…

Recep Erdogan And The Geopolitical Box Of Pandora

Recep Erdogan And The Geopolitical Box Of Pandora

Famous French experts on Turkey, in analysis compared Recep Erdogan with Charles de Gaulle some 4-5 years ago. Incredible! Yes, that is how it was then! But certain events that took place led not only the French analysts but most of their Western colleagues to begin calling the Turkish President “Islamist”, a “Sultan” and a “dictator”. The Western press…

Growing Chinese Influence Could Be Why Haitian President Was Assassinated

Growing Chinese Influence Could Be Why Haitian President Was Assassinated

Two weeks after being brutally assassinated, Haitian President Jovenel Moïse was buried on July 23 in Cap-Haïtien. Seriously injured during the attack, his wife Martine had her arm in a sling and questioned at the funeral: “What crime have you committed to deserve such punishment?” Among the U.S. diplomats at the funeral was Daniel Foote, new American envoy for…

Leave a Reply

Your email address will not be published. Required fields are marked *