Threat Group Cards: A Threat Actor Encyclopedia

APT group: Strider, ProjectSauron

Names: Strider (Symantec), ProjectSauron (Kaspersky)

Country: USA

Motivation: Information theft and espionage

First seen: 2011

Description: (Symantec) Strider has been active since at least October 2011. The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services. Symantec obtained a sample of the group’s Remsec malware from a customer who submitted it following its detection by our behavioral engine.

Remsec is primarily designed to spy on targets. It opens a back door on an infected computer, can log keystrokes, and steal files.

Strider has been highly selective in its choice of targets and, to date, Symantec has found evidence of infections in 36 computers across seven separate organizations. The group’s targets include a number of organizations and individuals located in Russia, an airline in China, an organization in Sweden, and an embassy in Belgium.

Observed:
Sectors: Defense, Embassies, Financial, Government, Telecommunications and Scientific research centers.
Countries: Belgium, China, Iran, Russia, Rwanda, Sweden.

Tools used: Remsec.

Information:
<https://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets>
<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf>

MITRE ATT&CK: <https://attack.mitre.org/groups/G0041/>

Last change to this card: 22 April 2020

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency