Report: New ‘Strider’ espionage group struck targets in four nations

A newly discovered, highly selective cyber espionage actor has been active since 2011, Symantec reported Sunday.

According to the antivirus and information security vendor, the “Strider” group, using advanced malware known as “Remsec,” has stayed under the radar in part by attacking only a small number of targets in a small number of countries.

{mosads}Though Strider has been active since 2011, Symantec found only 36 total infections across a scant seven organizations. Targets were located in four nations: Belgium, China, Sweden and Russia.

“[I]ts targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services,” Symantec wrote in an online report about its discovery. 

Targets include an airline in China, an organization in Sweden and an embassy in Belgium. 

Symantec said Remsec can be outfitted with a number of different modules to change its capabilities, ultimately giving it complete control over a computer. Its usage appears to be focused on exfiltrating data. 

Symantec’s analysis revealed at least a small amount of personality for the attackers, who appear to enjoy “The Lord of the Rings.” A keylogging module contains a reference to Sauron, an all-seeing evil in J.R.R. Tolkien’s series of books. Strider is also an alias of series protagonist Aragorn.