New spyware detected targeting firms in Russia, China: Symantec
[August 08, 2016]
By Eric Auchard
FRANKFURT (Reuters) - A previously unknown
group called "Strider" has been conducting cyber-espionage attacks
against selected targets in Russia, China, Sweden, and Belgium,
U.S.-based computer security firm Symantec Corp said on Monday.
The group, which has been active since at least October 2011 and could
have links to a national intelligence agency, has been using an advanced
piece of hidden malware identified by Symantec as Remsec (Backdoor.Remsec),
the company said in a blog post.
Remsec spyware lives within an organization's network rather than being
installed on individual computers, giving attackers complete control
over infected machines, researchers said. It enables keystroke logging
and the theft of files and other data.
Its code also contains a reference to Sauron, the all-seeing title
character in The Lord of the Rings trilogy, Symantec said. Strider is
the name of another leading character in the fantasy novels.
Despite headlines that suggest an endless stream of new types of
cyber-spying attacks, Orla Fox, Symantec’s Dublin-based director of
security response, told Reuters the discovery of a new class of spyware
like Remsec is a relatively rare event, with the industry uncovering no
more than one or two such campaigns per year.
Strider's targets include four organizations and individuals located in
Russia, an airline in China, an organization in Sweden and an embassy in
Belgium, the security company said.
"Based on the espionage capabilities of its malware and the nature of
its known targets, it is possible that the group is a nation state-level
attacker," Symantec said, but it declined to speculate about which
government or governments might be behind the software.
A padlock is displayed at the Alert Logic booth during the 2016
Black Hat cyber-security conference in Las Vegas, Nevada, U.S.
August 3, 2016. REUTERS/David Becker
Meanwhile, Moscow-based cybersecurity research firm Kaspersky Lab confirmed that
it has also detected the same spyware and will publish further details of its
findings later on Monday. It has dubbed the group behind it "ProjectSauron".
Remsec shares certain unusual coding similarities with another older piece of
"nation state-grade" malware known as Flamer, or Flame, according to Symantec.
Flamer malware has been linked to Stuxnet, a military-grade computer virus
alleged by security experts to have been used by the United States and Israel to
attack Iran’s nuclear program late in the last decade (http://reut.rs/2b2FA8z).
Further details can be found at http://symc.ly/2aTHoOm
(Editing by Greg Mahlich)
[© 2016 Thomson Reuters. All rights reserved.]
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.