The Federal Bureau of Investigation (FBI) successfully disrupted a dangerous Russian spy malware on May 9, according to senior American law enforcement officials. The FBI’s technical experts were able to identify and disable the malware, known as Snake, which was employed by Russia’s Federal Security Service (FSB) to target undisclosed American computers. The FSB officials responsible for the malware were associated with a notorious hacking group known as “Turla.”
This FBI operation highlights the ongoing digital power struggle between the United States and Russia.
Snake, described by the Cybersecurity and Infrastructure Security Agency (CISA) as a highly sophisticated cyber espionage tool, was developed by Center 16 of the FSB for long-term intelligence gathering on sensitive targets. The FSB created a covert peer-to-peer (P2P) network of Snake-infected computers worldwide to carry out operations. The malware utilized custom communication protocols with encryption and fragmentation to evade detection and collection efforts.
CISA discovered the Snake infrastructure in over 50 countries across various continents, including the United States and Russia itself.
The development of Snake, initially known as “Uroburos,” began in late 2003, with cyber operations using the implant commencing shortly thereafter.
While Snake targeted multiple industries, its focus was purposeful and tactical. The FSB used Snake to collect sensitive intelligence from high-priority targets such as government networks, journalists, and research facilities. For instance, CISA cited an example in which Snake was used to access and exfiltrate international relations documents and diplomatic communications from a victim in a NATO nation.
In the United States, the Russian security agency victimized industries such as education, small businesses, media organizations, and even critical infrastructure sectors like government facilities.
The FSB officials behind Snake were identified as part of the Turla hacking group. Over nearly two decades, Turla, using versions of Snake, stole sensitive documents from hundreds of computer systems in at least 50 countries, including NATO member governments and journalists.
Operation MEDUSA, led by the FBI, was responsible for sabotaging the Snake malware. The FBI utilized a tool called PERSEUS to disable the malware on compromised computers without impacting the host computer or legitimate applications. PERSEUS issued commands that caused the Snake implant to overwrite its critical components.
The US government had been investigating Snake and related malware tools for nearly 20 years, closely monitoring FSB officers assigned to Turla conducting daily operations from a known FSB facility in Ryazan, Russia.
US Attorney General Merrick B. Garland emphasized that the operation dismantled a global network of malware-infected computers that the Russian government had used for cyber espionage for nearly two decades. He pledged to continue strengthening collective defenses against Russia’s destabilizing efforts.
While Operation MEDUSA disabled the Snake malware on compromised computers, the Justice Department advised victims to take additional measures to protect themselves from potential further harm. The operation did not address vulnerabilities, nor did it remove additional malware or hacking tools that may have been placed on victims’ systems by hacking groups. The department also cautioned victims about Turla’s use of keyloggers to steal account credentials, urging continued vigilance against fraudulent re-access to compromised computers and accounts.