Security Experts Discover Sophisticated Cyberespionage Campaign Active Since 2011

Called Strider by Symantec and ProjectSauron by Kaspersky, the malware infected dozens of computers in Iran, Russia, Sweden, China, Belgium and Rwanda.

Oded Yaron
Cyber attack (illustrative). Credit: Dreamstime

Cyber security experts have uncovered a sophisticated cyberespionage campaign that has targeted dozens of organizations in Iran, Russia, Sweden, China, Belgium and Rwanda since 2011. The new hacker group is being called Strider by experts at Symantec and ProjectSauron by the experts at Kaspersky.

"ProjectSauron is particularly interested in gaining access to encrypted communications," Kaspersky said, "hunting them down using an advanced modular cyber-espionage platform that incorporates a set of unique tools and techniques. The most noteworthy feature of ProjectSauron’s tactics is the deliberate avoidance of patterns: ProjectSauron customizes its implants and infrastructure for each individual target, and never reuses them. This approach, coupled with multiple routes for the exfiltration of stolen data, such as legitimate email channels and DNS, enables ProjectSauron to conduct secretive, long-term spying campaigns in target networks."

The two cyber security companies stated that the attacks, discovered on dozens of computers in various organizations, were the work of a group of sophisticated hackers with "tentative links with a previously uncovered group, Flamer," as Symantec put it. Flamer, or Flame, is one of the programs considered to be connected to the Stuxnet software family. These programs, as has been reported many times since the initial report in the New York Times, were developed jointly by the United States and Israel in order to harm the Iranian nuclear program.

That being said, the two companies aren't claiming that the same group is responsible for both attacks. Kaspersky's report, for example, says that it seems that the creators of ProjectSauron "learned" a lot from the creators of Stuxnet.

According to Kaspersky, 30 organizations have thus far been identified as victims of the attack, mostly in Russia, Iran and Rwanda, with more possible victims in Italy. It is believed that more companies in other regions were also attacked. However, ProjectSauron's mode of activity makes it very difficult to identify every new target that has been infected. Symantec identified 36 infected computers, among them computers belonging to government bodies, militaries, research centers, telecom companies and financial organizations.

Analysis of the findings led the researchers to the conclusion that ProjectSauron has been active since June 2011 and has remained active in 2016. The initial vector used to infect the victim's communication networks is still unknown.

"A number of targeted attacks now rely on low-cost, readily-available tools," Vitaly Kamluk, principal security researcher at Kaspersky, said. "ProjectSauron, in contrast, is one of those that relies on homemade, trusted tools and customizable scripted code. The single use of unique indicators, such as control server, encryption keys and more, in addition to the adoption of cutting edge techniques from other major threat actors, is rather new. The only way to withstand such threats is to have many layers of security in place, based on a chain of sensors monitoring even the slightest anomaly in organizational workflow, multiplied with threat intelligence and forensic analysis to hunt for patterns even when there appear to be none."
