Alternatively known as ‘Project Sauron’ or ‘Strider,’ the group has targeted military and government facilities.
A previously undetected, secretive group of hackers has been targeting organizations in Russia, China, and Europe since at least 2011, Reuters reported Monday.
Antivirus software maker Symantec in a Sunday blog post said the group, which it nicknamed “Strider,” has developed advanced spyware programs to target “organizations and individuals that would be of interest to a nation state’s intelligence services.”
The spyware they use is called Remsec, and includes modules that can load files from a disk or a network connection and execute them.
It can also log keystrokes and create backdoors in HTTP code and parts of the Windows operating system.
“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker,” Symantec wrote.
The targets include multiple organizations and individuals in Russia, an airline in China, and an embassy in Belgium.
Symantec competitor Kaspersky said it first discovered evidence of the hacking group in September 2015.
It named the group “Project Sauron,” a reference to the title character in The Lord of the Rings. Kaspersky claims that targets include scientific research centers, military facilities, and telecoms.
While antivirus protection provides some defense against the hacking group, its techniques appear specifically engineered to avoid detection.
“ProjectSauron’s tactics are designed to avoid creating patterns,” Kaspersky explained in a blog post. “Implants and infrastructure are customized for each individual target and never re-used — so the standard security approach of publishing and checking for the same basic indicators of compromise (IOC) is of little use.”