A covert hacking group spied on targets in Russia, China, Iran, Sweden, Belgium and Rwanda for more than five years without being detected, researchers have revealed.
Project Sauron is suspected to be linked to a national intelligence agency and uses advanced, hidden malware to steal files and log victims’ keystrokes, Symantec claimed in a blogpost.
The attackers acquired complete control over infected machines by installing their Remsec spyware on an organisation’s network, rather than on individual computers.
The group’s targets include four organisations and individuals in Russia, a Chinese airline, an undisclosed Swedish organisation and an embassy in Belgium, Symantec revealed.
Moscow-based Kaspersky Lab, which labelled the group Project Sauron after finding references to the Lord of the Rings character in its code, said it had found as many as 30 organisations which had been hacked.
Reuters reported that Kaspersky said targets included government agencies, scientific research centres, military entities, telecoms providers and financial institutions.
“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker,” Symantec claimed, without speculating on which government it might be.
Symantec said the code shares similarities with another older piece of nation state-grade malware known as Flamer. But it does not believe the creators of the two pieces of malware are connected.
It is relatively unusual for researchers to discover new classes of malware like Remsec, Orla Fox, Symantec’s director of security response, told Reuters.