The FBI has disrupted a long-running Russian cyberespionage operation as part of an international effort. The Federal Security Service (FSB) unit tracked by researchers as Turla had been using malware known as “Snake”, whose lineage dates back to 2004, to steal sensitive documents from hundreds of computer systems in at least 50 countries. The malware was updated continuously over nearly two decades of operation. The group exfiltrated the stolen material through a covert network of Snake-compromised computers in the US and other countries, routing traffic between infected hosts to obscure its origin.
The FBI gained physical access to some of the compromised computers and developed a tool called “Perseus” to decrypt and decode Snake’s communications. Using Perseus, the FBI issued commands to Snake on May 8 that caused the implant to overwrite its own vital components, rendering it inoperable without affecting the host computer or other legitimate applications on it, US officials told reporters during a briefing on Tuesday.
The operation relied on a search warrant issued under Rule 41 of the Federal Rules of Criminal Procedure, which allows a single judge to authorize investigators to remotely access computers located in multiple judicial districts and take specific actions on them, such as neutralizing malware. This proactive federal cyber operation is part of a sustained US government push to act more aggressively against foreign hacking infrastructure rather than only advising victims after the fact.
### Sophisticated Malware by Turla
According to the affidavit, the FBI identified 19 IP addresses associated with computers in the US that were infected with Snake. Over several years dating back to at least 2015, the FBI and US Intelligence Community worked with several cooperating victim organizations to understand more about Snake. However, some entities found to have been infected by Snake fully or partially declined to participate in the FBI’s investigation, according to the affidavit.
Turla is a well-known Russian cyber espionage actor, and one of the oldest intrusion groups that researchers track, even existing in some form as early as the 1990s when Kevin Mandia was responding to their intrusions into government systems and the defence industry, said John Hultquist, the head of Mandiant Intelligence Analysis.
### Recommendations
A range of US government agencies and their counterparts globally issued a joint 48-page cybersecurity advisory on Tuesday, detailing how Snake works and recommending mitigations. The technical details are intended to help industry and governments around the world find and shut down remaining infections, since the May 8 command only disabled the implants the FBI could reach; organizations should treat a past Snake infection as a sign of long-term compromise and hunt for it rather than assume the disruption cleaned their systems.
The international community must continue to improve collective defenses against cyber espionage that threatens national and global security. Countries need stronger cooperation mechanisms and partnerships to prevent and respond to such attacks proactively. Through these efforts, countries can collaborate to identify, track, and disrupt both state-sponsored intrusion groups and criminal hacking organizations, and bring those responsible to justice.