Date: 2016-08-08
* New strain of cyber-espionage software found by
researchers
* Russia, China, Iran among countries targeted
* Targets range from governments to airlines, financial
firms
By Eric Auchard
FRANKFURT, Aug 8 - A previously unknown hacking
group variously dubbed "Strider" or "ProjectSauron" has carried
out cyber-espionage attacks against select targets in Russia,
China, Iran, Sweden, Belgium and Rwanda, security researchers
said on Monday.
The group, which has been active since at least 2011 and
could have links to a national intelligence agency, uses Remsec,
an advanced piece of hidden malware, Symantec
researchers said in a blog post (symc.ly/2aTHoOm).
Remsec spyware lives within an organisation's network rather
than being installed on individual computers, giving attackers
complete control over infected machines, researchers said. It
enables keystroke logging and the theft of files and other data.
Its code also contains references to Sauron, the all-seeing
title character in The Lord of the Rings, Symantec said. Strider
is the nickname of the fantasy trilogy's widely travelled main
character Aragorn.
Separately, Moscow-based Kaspersky Lab has labelled the same
group using the Remsec spyware as "ProjectSauron" (bit.ly/2b0YtqV).
The newly discovered group's targets include four
organizations and individuals located in Russia, an airline in
China, an organization in Sweden and an embassy in Belgium,
Symantec said.
Kaspersky said it had found 30 organisations hit so far in
Russia, Iran and Rwanda, and possibly additional victims in
Italian-speaking countries. Remsec targets included government
agencies, scientific research centres, military entities,
telecoms providers and financial institutions, Kaspersky said.
"Based on the espionage capabilities of its malware and the
nature of its known targets, it is possible that the group is a
nation state-level attacker," Symantec said, but it did not
speculate about which government might be behind the software.
Despite headlines that suggest an endless stream of new
types of cyber-spying attacks, Orla Fox, Symantec's director of
security response, said the discovery of a new class of spyware
like Remsec is a relatively rare event, with the industry
uncovering no more than one or two such campaigns per year.
Remsec shares certain unusual coding similarities with
another older piece of nation state-grade malware known as
Flamer, or Flame, according to Symantec.
Kaspersky agreed that the same group it calls ProjectSauron
appears to have adopted the tools and techniques of other
better-known spyware, including Flame, but said it does not
believe that ProjectSauron and Flame are directly connected.
Flamer malware has been linked to Stuxnet, a military-grade
computer virus alleged by security experts to have been used by
the United States and Israel to attack Iran's nuclear programme
late in the last decade (reut.rs/2b2FA8z).
