Symantec reports on the activity of a previously unknown group dubbed "Strider" that conducts cyber-espionage operations against targets in Belgium, China, Sweden and Russia.
The American security company warns that the group has been active since October 2011 and may have close ties to a national intelligence agency. Symantec identifies one of Strider's main tools as Remsec (Backdoor.Remsec), a sophisticated piece of stealthy malware.
Unlike malware confined to a single machine, Remsec spreads through an organization's network, giving the attackers full control over the machines it infects. Its malicious capabilities include stealing files and other data and logging keystrokes.
According to the researchers, the source code of Remsec has references to Sauron, the all-seeing evil character from The Lord of the Rings trilogy. Symantec decided to refer to the group as "Strider," a name belonging to another leading character in J.R.R. Tolkien's books.
Given the steady stream of headlines reporting new cyber-espionage campaigns, it may seem that Remsec is just another security story. However, Symantec's head of security response, Orla Fox, points out that the discovery of a class of spyware as advanced as Remsec is noteworthy, because the security industry uncovers only one or two such campaigns per year.
Among the identified victims of Strider are four organizations and individuals in Russia, a Chinese airline, a Swedish organization and an embassy in Belgium. Symantec did not reveal which country the embassy belongs to.
"Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker," Symantec notes.
The cybersecurity firm declined to speculate about which government or governments might be behind Strider's activity.
Meanwhile, research firm Kaspersky Lab also confirmed the existence of the spyware. Kaspersky affirms that it is planning to publish more details about its findings at a later date.
Interestingly, Remsec appears to have taken a page from an older piece of "nation state-grade" malware: Flamer, also known as Flame, which was used in cyber-espionage operations in recent years.
Security researchers have traced a connection between the Flamer malware and Stuxnet, a military-grade computer worm that researchers say was deployed by the United States and Israel against Iran's nuclear program in the last decade.