The U.S.-based digital security company Symantec announced Monday, August 8, that a previously unknown hacking group called "Strider" has been conducting cyber-espionage attacks against selected targets in Belgium, Sweden, China and Russia.
The hacking group has been active since at least October 2011, according to a blog post published by Symantec. The "Strider" group has been using a hidden piece of malware called Remsec (Backdoor.Remsec). There are indications that the hacking group could have links to a national intelligence agency.
According to Fortune, cyber security researchers explained that rather than being installed on individual computers, Remsec spyware spreads within an organization's network, giving attackers complete control over infected machines. By enabling keystroke logging, the spyware can be used for the theft of files and other data.
It seems that the members of the "Strider" hacking group are fans of "The Lord of the Rings" trilogy. Strider is the name of a leading character in the trilogy. Remsec's code also contains a reference to the all-seeing title character in the fantasy novels, called Sauron.
The digital security industry usually uncovers no more than one or two new classes of spyware per year. In this context, the discovery of Remsec is a relatively rare event.
The security company Symantec declared that Strider's targets include an organization in Sweden, an airline in China, an embassy in Belgium and four organizations and individuals located in Russia. The company added that it is possible that the hacking group is in fact a nation state-level attacker, based on the nature of its known targets and the espionage capabilities of its malware.
According to Symantec, Remsec shares certain coding similarities with Flame or Flamer, another older piece of "nation state-grade" malware. Symantec declined, however, to speculate about which government could be behind this hacking group.
According to PCMag, Kaspersky Lab, a Moscow-based cyber security research company, also confirmed that it first detected the same spyware in September 2015. Kaspersky Lab has dubbed the hacking group behind the spyware "ProjectSauron."