Threat Actor Profile
High
APT
Description
Strider is a threat group that has been active since at least 2011 and has targeted victims in Russia, China, Sweden, Belgium, Iran, and Rwanda.(Citation: Symantec Strider Blog)(Citation: Kaspersky ProjectSauron Blog)
Confidence Score
Known Aliases
Strider
ProjectSauron
Tags
mitre-attack
stix-2.1
intrusion-set
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
MITRE ATT&CK Techniques (3)
STIX Data
{'aliases': ['Strider', 'ProjectSauron'],
 'created': '2017-05-31T21:32:07.541Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Strider](https://attack.mitre.org/groups/G0041) is a threat '
                'group that has been active since at least 2011 and has '
                'targeted victims in Russia, China, Sweden, Belgium, Iran, and '
                'Rwanda.(Citation: Symantec Strider Blog)(Citation: Kaspersky '
                'ProjectSauron Blog)',
 'external_references': [{'external_id': 'G0041',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0041'},
                         {'description': '(Citation: Symantec Strider Blog) '
                                         '(Citation: Kaspersky ProjectSauron '
                                         'Blog)',
                          'source_name': 'Strider'},
                         {'description': 'ProjectSauron is used to refer both '
                                         'to the threat group also known as '
                                         'G0041 as well as the malware '
                                         'platform also known as S0125. '
                                         '(Citation: Kaspersky ProjectSauron '
                                         'Blog) (Citation: Kaspersky '
                                         'ProjectSauron Full Report)',
                          'source_name': 'ProjectSauron'},
                         {'description': 'Symantec Security Response. (2016, '
                                         'August 7). Strider: Cyberespionage '
                                         'group turns eye of Sauron on '
                                         'targets. Retrieved August 17, 2016.',
                          'source_name': 'Symantec Strider Blog',
                          'url': 'http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets'},
                         {'description': "Kaspersky Lab's Global Research & "
                                         'Analysis Team. (2016, August 8). '
                                         'ProjectSauron: top level '
                                         'cyber-espionage platform covertly '
                                         'extracts encrypted government comms. '
                                         'Retrieved August 17, 2016.',
                          'source_name': 'Kaspersky ProjectSauron Blog',
                          'url': 'https://securelist.com/faq-the-projectsauron-apt/75533/'},
                         {'description': "Kaspersky Lab's Global Research & "
                                         'Analysis Team. (2016, August 9). The '
                                         'ProjectSauron APT. Retrieved August '
                                         '17, 2016.',
                          'source_name': 'Kaspersky ProjectSauron Full Report',
                          'url': 'https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf'}],
 'id': 'intrusion-set--277d2f87-2ae5-4730-a3aa-50c1fdff9656',
 'modified': '2025-04-25T14:49:43.099Z',
 'name': 'Strider',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.1'}