FRANKFURT: A previously unknown hacking group variously dubbed “Strider” or “ProjectSauron” has carried out cyber-espionage attacks against select targets in Russia, China, Iran, Sweden, Belgium and Rwanda, security researchers said on Monday.

The group, which has been active since at least 2011 and could have links to a national intelligence agency, uses Remsec, an advanced piece of hidden malware, Symantec researchers said in a blog post.

Remsec spyware lives within an organisation’s network rather than being installed on individual computers, giving attackers complete control over infected machines, researchers said. It enables keystroke logging and the theft of files and other data.

Its code also contains references to Sauron, the all-seeing title character in The Lord of the Rings, Symantec said. Strider is the nickname of the fantasy trilogy’s widely travelled main character Aragorn.

Separately, Moscow-based Kaspersky Lab has labelled the same group using the Remsec spyware as “ProjectSauron”.

The newly discovered group’s targets include four organisations and individuals located in Russia, an airline in China, an organisation in Sweden and an embassy in Belgium, Symantec said.

Kasperksy said it had found 30 organisations hit so far in Russia, Iran and Rwanda, and possibly additional victims in Italian-speaking countries. Remsec targets included government agencies, scientific research centres, military entities, telecoms providers and financial institutions, Kasperksy said.

“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker,” Symantec said, but it did not speculate about which government might be behind the software.

Despite headlines that suggest an endless stream of new types of cyber-spying attacks, Orla Fox, Symantec’s director of security response said the discovery of a new class of spyware like Remsec is a relatively rare event, with the industry uncovering no more than one or two such campaigns per year.

Remsec shares certain unusual coding similarities with another older piece of nation state-grade malware known as Flamer, or Flame, according to Symantec.

Kaspersky agreed that the same group it calls ProjectSauron appears to have adopted the tools and techniques of other better-known spyware, including Flame, but said it does not believe that ProjectSauron and Flame are directly connected.

Flamer malware has been linked to Stuxnet, a military-grade computer virus alleged by security experts

to have been used by the United States and Israel to attack Iran’s nuclear programme late in the last decade.

Published in Dawn, August 9th, 2016

Follow Dawn Business on Twitter, LinkedIn, Instagram and Facebook for insights on business, finance and tech from Pakistan and across the world.

Opinion

Editorial

Disregarding CCI
Updated 04 Nov, 2024

Disregarding CCI

The failure to regularly convene CCI meetings means that the process of democratic decision-making is falling apart.
Defeating TB
04 Nov, 2024

Defeating TB

CONSIDERING the fact that Pakistan has the fifth highest burden of tuberculosis in the world as per the World Health...
Ceasefire charade
Updated 04 Nov, 2024

Ceasefire charade

The US talks of peace, while simultaneously arming and funding their Israeli allies, are doomed to fail, and are little more than a charade.
Concerning measures
Updated 03 Nov, 2024

Concerning measures

The govt must seek political input and consensus on the changes it is seeking to make and be open about its intentions.
Short-lived relief?
03 Nov, 2024

Short-lived relief?

POLICYMAKERS must be jumping with joy. At the close of the first quarter of FY25, the budget posted a consolidated...
Brisk spread
03 Nov, 2024

Brisk spread

THE surge in polio cases has reached distressing levels with a tally of 45 last reported, after two cases emerged in...