Hackers who appear to have an affinity for the "Lord of the Rings" books have been targeting the governments of Russia, China, Sweden and Belgium for at least five years with the aim of collecting state intelligence, according to researchers at cybersecurity firm Symantec.
The group, dubbed "Strider," has been using a piece of malware called "Remsec" to conduct its attacks, Symantec said in a report over the weekend. "Remsec is a stealthy tool that appears to be primarily designed for spying purposes," authors of the report said. "Its code contains a reference to Sauron, the all-seeing antagonist in Lord of the Rings."
Sauron was represented as an incorporeal eye through much of the fictional series, written by the late English author J.R.R. Tolkien. Strider was a nickname for protagonist Aragorn.
Symantec said "Strider" has been active since at least October 2011, and appears to be tied to a state-backed hacking operation. "The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state's intelligence services," researchers wrote.
The company reported that, after a client provided a copy of the malware, it found versions of Remsec on 36 computers across seven organizations in the four countries. Targets included a Chinese airline, a Belgian embassy, and several individuals in Russia.
Criminals associated with the hacking organization Anonymous have been linked to attacks on Belgium in the past, while hackers linked to the Russian government were associated with an attack on Swedish air traffic control systems in November. While a range of countries could have an interest in hacking China or Russia, it's unclear why Tolkien fans might lump the four together.