Aliases: Strider, ProjectSauron
|ProjectSauron||ProjectSauron is used to refer both to the threat group also known as G0041 as well as the malware platform also known as S0125.  |
|Enterprise||T1090||Connection Proxy||Strider has used local servers with both local network and Internet access to act as internal proxy nodes to exfiltrate data from other parts of the network without direct Internet access.|
|Enterprise||T1003||Credential Dumping||Strider has registered its persistence module on domain controllers as a Windows LSA (Local System Authority) password filter to dump credentials any time a domain, local user, or administrator logs in or changes a password.|
- Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. Retrieved August 17, 2016.
- Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.