FBI shuts down Russian network of hacked computers


The FBI has succeeded in taking an international Russian computer network offline. Russian state hackers stole sensitive and confidential data from hundreds of systems in at least fifty countries through this network for nearly two decades. Affected countries have been informed of the events.

The US Department of Justice reports this in a statement.

Russians collected sensitive information through a secret network for twenty years.

It concerns a worldwide network of computers infected with the Russian malware ‘Snake’. According to the department, the Russian security service FSB is responsible for creating this malware. The FSB unit known as Turla used several versions of Snake to steal sensitive documents from hundreds of computers in at least 50 countries. Victims include NATO member governments, as well as journalists and other targets of interest to Russia.

“After stealing these documents, Turla exfiltrated them through a covert network of Snake-infested computers in the United States and worldwide,” the Justice Department said. The network used custom communication protocols to make detection and monitoring difficult, which for years left security researchers struggling to work out who was stealing the files.

The FBI was able to disable the Russian malware with a tool it had developed itself: PERSEUS. With this, the FBI sent commands to the Snake malware that caused it to overwrite its own vital components and thus disable itself. Victims have been informed of the incident. In addition, the FBI is working with national investigative and enforcement agencies to explain how victims can identify Snake malware and remediate their systems.

‘Snake is highly advanced cyber-espionage malware.’

All this happened under the name of Operation MEDUSA. Almost twenty years of research into the Russian malware tools preceded it. During this period, the US government monitored several FSB officials who worked from their base in Ryazan, Russia. According to the US, the Russian security service is responsible for developing “the most advanced cyber-espionage malware”.

Turla used the Snake network to send captured data through relay nodes scattered around the world to FSB operatives in Russia. After analyzing the Russian malware, the FBI developed a tool to monitor and analyze communication sessions that went through this network and to destroy the malware.

Victims must take extra measures.

“While Operation MEDUSA has disabled Snake malware on compromised computers, victims should take additional steps to protect themselves from further harm,” the Justice Department said. The operation did not patch any vulnerabilities on the affected systems. Nor did it look for additional malware or hacking tools that the attackers may have installed on their victims’ networks.

Finally, the department points out that Turla often used a keylogger to collect victims’ login and authentication information. Victims should be aware that Turla can use this stolen information to regain access to compromised computers and other accounts, so disabling the malware alone is not enough: exposed credentials should be changed.

‘Operation MEDUSA comes at a sensitive time in the war.’

Dave Maasland, CEO of ESET Netherlands, says on Twitter that Operation MEDUSA is crucial in the war between Russia and Ukraine. “This means Russia’s information position will be hit hard, with potentially noticeable consequences in the war. This is big.”

Maasland emphasizes that the FBI’s action comes at a “sensitive time in the war.” Ukrainian soldiers are about to launch a counter-offensive to drive out Russian troops. “It is not inconceivable that the potential disruption of Russian espionage activities could impact the course of this conflict.”
