Names | Strider (Symantec) ProjectSauron (Kaspersky) | |
Country | USA | |
Motivation | Information theft and espionage | |
First seen | 2011 | |
Description | (Symantec) Strider has been active since at least October 2011. The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services. Symantec obtained a sample of the group’s Remsec malware from a customer who submitted it following its detection by our behavioral engine. Remsec is primarily designed to spy on targets. It opens a back door on an infected computer, can log keystrokes, and steal files. Strider has been highly selective in its choice of targets and, to date, Symantec has found evidence of infections in 36 computers across seven separate organizations. The group’s targets include a number of organizations and individuals located in Russia, an airline in China, an organization in Sweden, and an embassy in Belgium. | |
Observed | Sectors: Defense, Embassies, Financial, Government, Telecommunications and Scientific research centers. Countries: Belgium, China, Iran, Russia, Rwanda, Sweden. | |
Tools used | Remsec. | |
Information | <https://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets> <https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf> | |
MITRE ATT&CK | <https://attack.mitre.org/groups/G0041/> |
Last change to this card: 22 April 2020
Download this actor card in PDF or JSON format
Previous: Storm-0558
Next: Suckfly
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |