POST Online Media Lite Edition


New hacker group targets Russia, China, Sweden, and Belgium

Staff Writer |
A previously unknown group called Strider has been conducting cyberespionage-style attacks against selected targets in Russia, China, Sweden, and Belgium, Symantec says.

Article continues below

The group uses an advanced piece of malware known as Remsec (Backdoor.Remsec) to conduct its attacks. Remsec is a stealthy tool that appears to be primarily designed for spying purposes. Its code contains a reference to Sauron, the all-seeing antagonist in Lord of the Rings.

Strider’s attacks have tentative links with a previously uncovered group, Flamer. The use of Lua modules, which we’ll discuss later, is a technique that has previously been used by Flamer. One of Strider’s targets had also previously been infected by Regin.

Strider has been active since at least October 2011. The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services.

Symantec obtained a sample of the group’s Remsec malware from a customer who submitted it following its detection by our behavioral engine.

Remsec is primarily designed to spy on targets. It opens a back door on an infected computer, can log keystrokes, and steal files.

Strider has been highly selective in its choice of targets and, to date, Symantec has found evidence of infections in 36 computers across seven separate organizations.

The group’s targets include a number of organizations and individuals located in Russia, an airline in China, an organization in Sweden, and an embassy in Belgium.

What to read next

More than 10,000 Chinese computers hacked in a year
One in three citizens always concerned about safety
Ukraine buys nuclear fuel worth $389 million in 10 months