Strider Spy Group Targets Russia, China and Europe
By Shirley Siluk / Enterprise Security Today
Published: August 8, 2016
Software security firm Symantec has identified a group called Strider that's aiming spying-related malware at individuals and organizations in Belgium, China, Russia and Sweden. Apparently active since at least late 2011, Strider has kept a low profile and could be a nation-state attacker, Symantec said.

Strider uses "stealthy," hard-to-detect malware called Remsec that provides backdoor access to infected computers for stealing data, logging keystrokes and other actions, according to Symantec. The organization appears to be highly selective, with only 36 attacks against seven targets detected since October of 2011.

In a separate report released today, the cybersecurity company Kaspersky Lab identified the spying group as "ProjectSauron." The name stems from a string in the malware's keylogger module that includes the word "Sauron," the main villain in J.R.R. Tolkien's "The Lord of the Rings."

Malware Resides 'Only in Memory'

"Strider is capable of creating custom malware tools and has operated below the radar for at least five years," Symantec's Security Response team wrote yesterday in a blog post. "Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker."

The security team said it first detected Strider's malware through its behavioral engine that uses machine learning to look for anomalous computer processes. The researchers then analyzed a sample of the Remsec malware they obtained from a customer.

Remsec uses a variety of modules that together work as "a framework that provides the attackers with complete control over an infected computer," the Symantec team noted. The malware is difficult to detect in part because many of its features are "deployed over the network, meaning it resides only in a computer's memory and is never stored on disk."

Aimed at Government, Military Targets

In a report released today, Kaspersky Lab described the same malware as "ProjectSauron," which it first detected in September.

"The suspicious module was an executable library, loaded in the memory of a Windows domain controller (DC)," Kaspersky's Global Research and Analysis Team wrote today in a security note. "The library was registered as a Windows password filter and had access to sensitive data in cleartext. Additional research revealed signs of massive activity from a new threat actor that we codenamed 'ProjectSauron,' responsible for large-scale attacks against key governmental entities in several countries."
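A password filter DLL is loaded by LSASS on a domain controller and sees every password change in cleartext, which is why the registration point Kaspersky describes is worth auditing. As an added example (not code from the article or from either vendor's report), the following Python reads a regedit export of the Lsa key and flags any DLL in the "Notification Packages" value that is not in an assumed baseline; the default baseline of `scecli` is an assumption and should be extended with anything your environment legitimately registers (for example `rassfm` on RAS servers).

```python
# Assumed baseline: on a stock domain controller the REG_MULTI_SZ value
# "Notification Packages" under HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# contains only "scecli". Extend this set for filters you deploy on purpose.
DEFAULT_BASELINE = frozenset({"scecli"})

LSA_KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"


def parse_notification_packages(reg_export):
    """Return the DLL base names listed in "Notification Packages".

    regedit exports REG_MULTI_SZ as hex(7): a comma separated list of
    UTF-16LE bytes, entries separated by NUL, long lines continued with a
    trailing backslash. Returns [] if the key or value is absent.
    """
    lines = reg_export.splitlines()
    in_lsa, hex_parts, i = False, [], 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("["):
            in_lsa = line.lower() == LSA_KEY.lower()
        elif in_lsa and line.lower().startswith('"notification packages"=hex(7):'):
            data = line.split(":", 1)[1]
            while data.endswith("\\"):          # join continuation lines
                i += 1
                data = data[:-1] + lines[i].strip()
            hex_parts = [h for h in data.split(",") if h]
            break
        i += 1
    raw = bytes(int(h, 16) for h in hex_parts)
    return [name for name in raw.decode("utf-16-le").split("\x00") if name]


def find_unexpected_password_filters(reg_export, baseline=DEFAULT_BASELINE):
    """Names registered as password filters that are not in the approved baseline."""
    approved = {b.lower() for b in baseline}
    return [n for n in parse_notification_packages(reg_export) if n.lower() not in approved]


# Constructed sample export: "scecli" followed by a placeholder entry
# "example_rogue" standing in for an unrecognised filter DLL.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,65,00,\
  78,00,61,00,6d,00,70,00,6c,00,65,00,5f,00,72,00,6f,00,67,00,75,00,65,00,00,00,\
  00,00
'''

if __name__ == "__main__":
    print("registered:", parse_notification_packages(SAMPLE_EXPORT))
    print("unexpected:", find_unexpected_password_filters(SAMPLE_EXPORT))
```

Any flagged name should then be checked on disk (it must exist as `<name>.dll` in System32) and for a valid signature before the DC is considered clean.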

The Kaspersky team said the malware has targeted more than 30 victim organizations in Russia, Iran and Rwanda, as well as some in Italian-speaking countries. They added that it's likely many other targets in other regions could also be affected.

The key targets appear to be government and military organizations, scientific research centers, telecom operators and financial organizations, according to Kaspersky.

Orla Fox, Symantec's director of security response, told Reuters that cybersecurity firms don't often discover new types of malware like Remsec.

"Strider's attacks have tentative links with a previously uncovered group, Flamer," according to Symantec. Remsec's use of modules written in the programming language Lua "is a technique that has previously been used by Flamer," Symantec noted. "One of Strider's targets had also previously been infected by Regin."

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.