Daily Management Review

Rare Spyware Has Been Detected Which Could Have Liason With ‘National Intelligence’


China, Russia, Belgium, and Sweden are the targets of cyber security threat.

Symantec Corp, a computer security firm based in the U.S, reported that “selected targets” in Belgium, China, Russia and Sweden have been in the strike list of Strider’s “cyber-espionage attacks”. Strider is a group that has been “active” from the month of October 2011.
There are speculations that Strider could have “links to a national intelligence agency”. Moreover, Symantec has identified that the group has been using “Remsec (Backdoor.Remsec)”, whereby the blog post of Symantec claimed it to be “an advanced piece of hidden malware”. As per Reuters:
“Remsec spyware lives within an organization's network rather than being installed on individual computers, giving attackers complete control over infected machines, researchers said. It enables keystroke logging and the theft of files and other data”.
In fact, the code of Ramsec refers to the fabled character’s name Sauron, “the all-seeing” eye of the “The Lord of the Rings trilogy”, while the name Strider also has been borrowed from the name of an “another leading character in the fantasy novels”. Symantec’s Director of Security Response, Orla Fox, informed Reuters that within an “endless stream of new types of cyber-spying attacks” the discovery of Remsec is “a relatively rare event”, which may at most occur once or twice a year.
Revealing the target zones of Strider, the company enlisted the names of “four organizations and individuals” who are based in Russia, “an airline in China, an organization in Sweden and an embassy in Belgium”. While, Symantec also added:
"Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker”.
However, the security company did not specify any names. On the other hand, Kaspersky Lab, another cyber-security firm based at Moscow confirmed that “it has also detected the same spyware”, while the group behind this has been dubbed as "ProjectSauron".
Additionally, Symantec also informed Reuters that:
“Remsec shares certain unusual coding similarities with another older piece of "nation state-grade" malware known as Flamer, or Flame”.
“Flamer malware has been linked to Stuxnet, a military-grade computer virus alleged by security experts to have been used by the United States and Israel to attack Iran’s nuclear program late in the last decade (reut.rs/2b2FA8z)”.