New hacker group targets Russia, China, Sweden, and BelgiumStaff Writer | August 8, 2016
A previously unknown group called Strider has been conducting cyberespionage-style attacks against selected targets in Russia, China, Sweden, and Belgium, Symantec says.
Strider A previously unknown group
Strider’s attacks have tentative links with a previously uncovered group, Flamer. The use of Lua modules, which we’ll discuss later, is a technique that has previously been used by Flamer. One of Strider’s targets had also previously been infected by Regin.
Strider has been active since at least October 2011. The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services.
Symantec obtained a sample of the group’s Remsec malware from a customer who submitted it following its detection by our behavioral engine.
Remsec is primarily designed to spy on targets. It opens a back door on an infected computer, can log keystrokes, and steal files.
Strider has been highly selective in its choice of targets and, to date, Symantec has found evidence of infections in 36 computers across seven separate organizations.
The group’s targets include a number of organizations and individuals located in Russia, an airline in China, an organization in Sweden, and an embassy in Belgium. ■