Cyber security researchers have discovered a previously unknown hacker group known as Strider. It is probable that the criminals have been infecting organizations and individuals with the Remsec malware.
Strider are responsible for the Remsec malware
The hacker collective known as Strider is believed to be responsible for the Remsec malware, a relatively low-activity, covert threat that mainly targets organizations and individual users in Russia. Remsec has also been used to infiltrate an embassy in Belgium, an airline in China and an unspecified organization in Sweden. The main objective of the malware is to spy on its targets once activated and to open a backdoor that can log user activity and steal the contents of the connected drives.
It is surprising to many that the malicious program has caused only 36 infections in five years, as the malware is believed to have been active since October 2001. It is highly advanced and features many mechanisms that avoid detection by most antivirus software solutions. It is very likely that a lot of damage has been inflicted that is unknown at this time.
Remsec itself is built as a binary large object (BLOB), a collection of files in binary form that is difficult for security software to detect and analyze. The other feature that sets it apart from other computer threats is that the malware is distributed across network connections and is not stored on disk. This is another factor that provides a stealth mechanism and avoids detection.
Strider have written the majority of the malware’s modules in the Lua programming language, which makes it easy for the malware to execute various functions and to interact with system processes. The source code contains numerous references to “The Lord of the Rings” series. Some experts speculate that Strider may be associated with the Regin attacks. It is also quite possible that there is a connection between the hacker collective and the Equation Group.