{ "id": "fb9a3258-1eb0-436d-ab1d-1b500f94d512", "created_at": "2026-04-06T00:11:22.963389Z", "updated_at": "2026-04-10T03:33:51.890798Z", "deleted_at": null, "sha1_hash": "b86c85d99fda0ddb116b56826984c1e59f42a039", "title": "Strider, ProjectSauron - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 60503, "plain_text": "Strider, ProjectSauron - Threat Group Cards: A Threat Actor\r\nEncyclopedia\r\nArchived: 2026-04-05 15:40:23 UTC\r\nHome \u003e List all groups \u003e Strider, ProjectSauron\r\n APT group: Strider, ProjectSauron\r\nNames\r\nStrider (Symantec)\r\nProjectSauron (Kaspersky)\r\nG0041 (MITRE)\r\nCountry USA\r\nMotivation Information theft and espionage\r\nFirst seen 2011\r\nDescription\r\n(Symantec) Strider has been active since at least October 2011. The group has\r\nmaintained a low profile until now and its targets have been mainly organizations and\r\nindividuals that would be of interest to a nation state’s intelligence services. Symantec\r\nobtained a sample of the group’s Remsec malware from a customer who submitted it\r\nfollowing its detection by our behavioral engine.\r\nRemsec is primarily designed to spy on targets. It opens a back door on an infected\r\ncomputer, can log keystrokes, and steal files.\r\nStrider has been highly selective in its choice of targets and, to date, Symantec has\r\nfound evidence of infections in 36 computers across seven separate organizations. The\r\ngroup’s targets include a number of organizations and individuals located in Russia, an\r\nairline in China, an organization in Sweden, and an embassy in Belgium.\r\nObserved\r\nSectors: Defense, Embassies, Financial, Government, Telecommunications and\r\nScientific research centers.\r\nCountries: Belgium, China, Iran, Russia, Rwanda, Sweden.\r\nTools used Remsec.\r\nInformation\r\n\u003chttps://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets\u003e\r\n\u003chttps://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf\u003e\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d7d99de3-c515-4117-b40c-7696babb69c1\r\nPage 1 of 2\n\nMITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d7d99de3-c515-4117-b40c-7696babb69c1\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d7d99de3-c515-4117-b40c-7696babb69c1\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d7d99de3-c515-4117-b40c-7696babb69c1" ], "report_names": [ "showcard.cgi?u=d7d99de3-c515-4117-b40c-7696babb69c1" ], "threat_actors": [ { "id": "99845f58-2c39-46f7-8369-bb621ebb7002", "created_at": "2022-10-25T16:07:24.238844Z", "updated_at": "2026-04-10T02:00:04.90851Z", "deleted_at": null, "main_name": "Strider", "aliases": [ "G0041", "ProjectSauron" ], "source_name": "ETDA:Strider", "tools": [ "Backdoor.Remsec", "ProjectSauron", "Remsec" ], "source_id": "ETDA", "reports": null }, { "id": "c1ac2a5e-0225-47a4-8ac5-5fa898c96bde", "created_at": "2023-01-06T13:46:38.472883Z", "updated_at": "2026-04-10T02:00:02.989134Z", "deleted_at": null, "main_name": "ProjectSauron", "aliases": [ "Sauron", "Project Sauron", "G0041" ], "source_name": "MISPGALAXY:ProjectSauron", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a0d369c1-f0b7-4c70-a3a5-77aabbd17979", "created_at": "2022-10-25T15:50:23.311311Z", "updated_at": "2026-04-10T02:00:05.407733Z", "deleted_at": null, "main_name": "Strider", "aliases": [ "ProjectSauron" ], "source_name": "MITRE:Strider", "tools": [ "Remsec" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434282, "ts_updated_at": 1775792031, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/b86c85d99fda0ddb116b56826984c1e59f42a039.pdf", "text": "https://archive.orkl.eu/b86c85d99fda0ddb116b56826984c1e59f42a039.txt", "img": "https://archive.orkl.eu/b86c85d99fda0ddb116b56826984c1e59f42a039.jpg" } }