New cyber-espionage group targets Russia, China

Security researchers from Symantec have uncovered a new group that's been in the international espionage business for at least five years.

The group, according to Symantec, is called Strider, and has kept a pretty low profile so far, only to now be noticed by the company's behavioural engine.

It uses a backdoor called Remsec (Backdoor.Remsec), and is very specific when targeting victims. Remsec has been spotted on a total of 36 machines, in seven organisations, located in four countries: Russia, China, Belgium and Sweden. An airline in China, and an embassy in Belgium were among the targets, although Symantec failed to provide more details.

What it did say about the virus is that it is modular in design, meaning it has multiple modules working together to form a framework. It allows attackers complete control over the infected machine, allows them to move across the network and exfiltrate data. It also logs keystrokes.

Symantec speculates this could be a state-sponsored attack.

"Strider is capable of creating custom malware tools and has operated below the radar for at least five years,” it says.

“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker. Symantec will continue to search for more Remsec modules and targets in order to build upon our understanding of Strider and better protect our customers.”

The full report can be found on this link.

Image Credit: Symantec