Strider
G00411 reportsaliases · Strider · ProjectSauron
1
Reports
1
Techniques
1
Tactics
3
Countries
100%
Hunt coverage
2
Aliases
Analyst assessment — key judgments
- Signature techniques: T1543.003 (Windows Service).
- Primary targeting: US, IR, CN.
- Currently dormant: 0 report(s) in last 30d vs 0 prior (+0%).
- Hunt coverage 100% of 1 observed techniques (0 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
DormantLast 30d: 0 vs 0 prior (+0%)· first reported 2026-04-23 · last 2026-04-23
0
7d
0
30d
1
90d
1
All
0.1
Rpts/wk
Reporting timeline · 12 months
Overview
Analyst triage
Intelligence summary
Strider is a threat group that has been active since at least 2011 and has targeted victims in Russia, China, Sweden, Belgium, Iran, and Rwanda.(Citation: Symantec Strider Blog)(Citation: Kaspersky ProjectSauron Blog)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1543.003 · Windows Serviceconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|