Symantec Divulges Details Behind Remsec Malware

Hacking Group Behind Remsec Malware Discovered

Security researchers have identified the previously unknown hacking group behind a piece of malware called Remsec.

Reuters reported on Monday (August 8) that the newly discovered group has been around since 2011 and is linked to cyber espionage attacks in various countries around the world.

“The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services. Symantec obtained a sample of the group’s Remsec malware from a customer who submitted it following its detection by our behavioral engine,” the company said in a blog post.

“Remsec is primarily designed to spy on targets. It opens a back door on an infected computer, can log keystrokes, and steal files,” Symantec continued.

Rather than being installed on an individual computer, Remsec is spyware that lives inside an organization’s network. According to Reuters, this gives the hackers full control over targeted networks and the machines within them.

Symantec identified numerous targets of the hacking group, including individuals and businesses in Russia, a Chinese airline, an embassy in Belgium and another organization in Sweden, while Kaspersky Lab said it has accounted for more than 30 victims so far.

The organizations and entities targeted by the spyware include government, military, scientific research centers, telecommunications providers and finance.

“ProjectSauron actively searches for information related to rather uncommon, custom network encryption software. This client-server software is widely adopted by many of the target organizations to secure communications, voice, email, and document exchange,” Kaspersky explained in a blog post.