Sauron, an APT that spies on encrypted communication
An APT active since October 2011, named ProjectSauron, has recently been discovered. This APT, whose advanced design suggests a link to a national intelligence agency, has affected specific organizations in Belgium, Sweden, Russia and China. ProjectSauron uses a variant of Remsec to establish a backdoor and, later, gain access to encrypted communications, install a keylogger and send files out.
References:
- 07/08/2016 symantec.com Strider: Cyberespionage group turns eye of Sauron on targets
- 08/08/2016 kaspersky.com ProjectSauron: Top Level Espionage Platform Covertly Extracts Encrypted Government Comms
- 08/08/2016 threatpost.com PROJECTSAURON APT ON PAR WITH EQUATION, FLAME, DUQU