The Jerusalem Post

Symantec detects new spyware that targets firms in Russia, China

By ERIC AUCHARD

FRANKFURT (Reuters) – A previously unknown group called “Strider” has been conducting cyber-espionage attacks against selected targets in Russia, China, Sweden, and Belgium, US-based computer-security firm Symantec Corp. said on Monday.

The group, which has been active since at least October 2011 and could have links to a national intelligence agency, has been using an advanced piece of hidden malware identified by Symantec as Remsec (Backdoor.Remsec), the company said in a blog post.

Remsec spyware lives within an organization’s network rather than being installed on individual computers, giving attackers complete control over infected machines, researchers said. It enables keystroke logging and the theft of files and other data.

Its code also contains a reference to Sauron, the all-seeing title character in The Lord of the Rings trilogy, Symantec said. Strider is the name of another leading character in the fantasy novels.

Despite headlines that suggest an endless stream of new types of cyber-spying attacks, Orla Fox, Symantec’s Dublin-based director of security response, told Reuters the discovery of a new class of spyware such as Remsec is a relatively rare event, with the industry uncovering no more than one or two such campaigns per year.

Strider’s targets include four organizations and individuals located in Russia, an airline in China, an organization in Sweden and an embassy in Belgium, the security company said.

“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state-level attacker,” Symantec said. It declined to speculate about which government or governments might be behind the software.

Meanwhile, Moscow-based cybersecurity research firm Kaspersky Lab confirmed that it has also detected the same spyware and was to publish further details of its findings later on Monday. It has dubbed the group behind it “ProjectSauron.”

Remsec shares certain unusual coding similarities with another older piece of “nation-state-grade” malware known as Flamer, or Flame, according to Symantec.

Flamer malware has been linked to Stuxnet, a military-grade computer virus alleged by security experts to have been used by the United States and Israel to attack Iran’s nuclear program late in the last decade.

MODELS DRESSED as Security Man and Cloud Woman interact with attendees at the Gemalto booth during the 2016 Black Hat cybersecurity conference in Las Vegas last week. (David Becker/Reuters)
