A hacker group called Strider has been on the move in Russia, China, Sweden, and Belgium. According to Symantec, the organization has been spying on prominent individuals, corporations, and even intelligence agencies.
The name comes from the Lord of the Rings trilogy. On of the main characters, Aragorn II Elessar heir of Isildur, goes by the name “Stryder” to conceal his real identity.
Stryder uses a malware called Remsec. It seems to be primarily designed to spy, and its code contains references to Sauron, the main antagonist in J. R. R. Tolkien’s The Lord of the Rings whose eye can see it all. Accordingly, security software company Kaspersky Lab codenamed the group as ProjectSauron in September 2015.
Strider has been active since 2011
Until now, Strider was able to maintain a low profile with reports suggesting its existence going back as far as October 2011. Software security experts Symantec obtained a sample of the group’s malware when a customer submitted it after Norton Security detected the Remsec threat. Symantec and its Norton products identify the malware as Backdoor.Remsec.
The malware in question allows Strider hackers to perform key logger attacks and then steal files. Last month, cyber-security firm Bastille Research explained that in such attacks hackers secretly intercept every keystroke user types and receive them in 100% clear text.
The criminals then search for card numbers, expiration date, CVV code, bank account usernames and passwords, answers to security questions, network access passwords and other secrets involving business or personal documents and emails.
Symantec, undaunted by Strider’s 007-like ways, has been counterspying the group. It found out that Strider has successfully infected 36 computers of organizations and individuals located in Russia, an airline in China, an organization in Sweden, and an embassy in Belgium. Kaspersky Lab disclosed 30 further attacks on groups in Russia, Iran, and Rwanda.
The group might be funded by one or more countries as a part of their cyberwarfare efforts
It’s still unknown how Strider was able to create such a complex espionage-oriented malware and to perform major attacks without being detected. Based on these capabilities, the group may be sponsored by a nation-state looking to penetrate another nation’s computers, or networks or so Symantec believes.
But whether there are whole countries behind these attacks, the undeniable fact is that malware is rising with law enforcement agencies and cyber security companies recently joining forces to stop it.
Back in July, the European Police Agency (Europol) joined forces with the tech giant Intel, Kaspersky Lab, and the Dutch National High Tech Crime Unit (NHTCU) to fight ransomware attacks, which increased from 131,111 in 2014–2015 to 718,536 in 2015–2016.
Ransomware is a type of malware that keeps the system hostage, and the only way to access is with the password the attacker provides once the victim pays, hence the name. The parties involved launched a website called No More Ransom (www.nomoreransom.org) to assist the general public.