Date: 2016-08-08
By Eric Auchard
FRANKFURT Aug 8 A previously unknown group
called "Strider" has been conducting cyber-espionage attacks
against selected targets in Russia, China, Sweden, and Belgium,
U.S.-based computer security firm Symantec Corp said on
Monday.
The group, which has been active since at least October 2011
and could have links to a national intelligence agency, has been
using an advanced piece of hidden malware identified by Symantec
as Remsec (Backdoor.Remsec), the company said in a blog post.
Remsec spyware lives within an organisation's network rather
than being installed on individual computers, giving attackers
complete control over infected machines, researchers said. It
enables keystroke logging and the theft of files and other data.
Its code also contains a reference to Sauron, the all-seeing
title character in The Lord of the Rings trilogy, Symantec said.
Strider is the name of another leading character in the fantasy
novels.
Despite headlines that suggest an endless stream of new
types of cyber-spying attacks, Orla Fox, Symantec's Dublin-based
director of security response, told Reuters the discovery of a
new class of spyware like Remsec is a relatively rare event,
with the industry uncovering no more than one or two such
campaigns per year.
Strider's targets include four organizations and individuals
located in Russia, an airline in China, an organization in
Sweden and an embassy in Belgium, the security company said.
"Based on the espionage capabilities of its malware and the
nature of its known targets, it is possible that the group is a
nation state-level attacker," Symantec said, but it declined to
speculate about which government or governments might be behind
the software.
Meanwhile, Moscow-based cybersecurity research firm Kaspersky
Lab confirmed that it has also detected the same spyware and
will publish further details of its findings later on Monday. It
has dubbed the group behind it "ProjectSauron".
Remsec shares certain unusual coding similarities with
another older piece of "nation state-grade" malware known as
Flamer, or Flame, according to Symantec.
Flamer malware has been linked to Stuxnet, a military-grade
computer virus alleged by security experts to have been used by
the United States and Israel to attack Iran's nuclear programme
late in the last decade (reut.rs/2b2FA8z).
Further details can be found at symc.ly/2aTHoOm
(Editing by Greg Mahlich)