The FBI reported that the countries participating in the Five Eyes alliance (which brings together the intelligence services of Australia, Canada, New Zealand, the US and the UK) destroyed the infrastructure used by the Snake cyber-espionage malware, which was created by the Russian group Turla.
Let me remind you that we also talked about the fact that Russian hackers use the Passion DDoS platform to attack medical facilities, and also that US authorities say Russian hackers attacked US defense contractors.

It is reported that the development of Snake began in 2003 (when it was called Uroburos), and the first versions of the malware were ready in early 2004, after which “government hackers” began to use it in attacks. Since then, the Snake malware, found in more than 50 countries, has been used to collect and steal sensitive data from a wide range of targets, including government networks, research organizations and journalists.
Law enforcers say that they destroyed the infrastructure of the malware, which is associated with the Russian-speaking group Turla, as part of Operation Medusa. It is emphasized that among the computers captured by the Snake P2P botnet, the FBI found devices belonging to the governments of NATO member countries.
U.S. authorities have been closely monitoring Snake activity and malware-related tools for nearly 20 years, as well as tracking Turla, whose command centers were in Ryazan and Moscow, according to released court documents.
The report describes Snake as a “sophisticated, decades-old cyberespionage implant” that allows its operators to remotely install malware on compromised devices, steal sensitive documents and information (such as authentication credentials), maintain a presence on the system, and hide their activities using a peer-to-peer network.
The FBI has now reportedly cleared all infected devices within the US, and outside the US, law enforcement is “engaging with local authorities to notify them of the Snake contamination and provide remedial recommendations.”
After decrypting network traffic between devices in the US and NATO countries compromised by Snake, the FBI also discovered that Turla operators were using the malware to attempt to steal documents “similar to confidential UN and NATO documents.”
It is reported that the warrant received by the FBI allowed law enforcement officers to gain access to infected devices, overwrite the malware without affecting legitimate applications and files, and terminate the malware running on compromised computers.
The FBI is now notifying all owners and operators of devices that were remotely accessed to remove Snake, and advises that they may have to remove other malicious tools and programs installed by the attackers (including keyloggers that Turla often injected into infected systems).