The FBI Destroyed the Snake Spyware Created by the Russian Group Turla

by Emma Davis
May 12, 2023
FBI and Snake malware from Turla
Written by Emma Davis

The FBI reported that the countries participating in the Five Eyes alliance (which brings together the intelligence services of Australia, Canada, New Zealand, the US and the UK) destroyed the infrastructure used by the Snake cyberspyware malware, which was created by the Russian group Turla.

Let me remind you that we also talked about the fact that Russian Hackers Use Passion DDoS Platform to Attack Medical Facilities, and also that US authorities say Russian hackers attacked US defense contractors.

It is reported that the development of Snake began in 2003 (then called Uroburos), and the first versions of the malware were ready in early 2004, after which “government hackers” began to use malware in attacks. Since then, the Snake malware, found in more than 50 countries, has been used to collect and steal sensitive data from a wide range of targets, including government networks, research organizations and journalists.

Law enforcers say that they destroyed the infrastructure of the malware, which is associated with the Russian-speaking group Turla, as part of Operation Medusa. It is emphasized that among the computers captured by the Snake P2P botnet, the FBI found devices belonging to the governments of NATO member countries.

The US Department of Justice, together with international partners, has taken down a global network of malware-infected computers that have been used for nearly two decades of cyber espionage, including against our NATO allies.reads the official press release.

U.S. authorities have been closely monitoring Snake activity and malware-related tools for nearly 20 years, as well as tracking Turla, whose command centers were in Ryazan and Moscow, according to released court documents.

The report describes Snake as a “sophisticated, decades-old cyberespionage implant” that allows its operators to remotely install malware on compromised devices, steal sensitive documents and information (such as authentication credentials), maintain a presence on the system, and hide their activities with a peer-to-peer networks.

The FBI has now reportedly cleared all infected devices within the US, and outside the US, law enforcement is “engaging with local authorities to notify them of the Snake contamination and provide remedial recommendations.”

As stated in court documents, as a result of analysis of the Snake malware and the Snake network, the FBI discovered the ability to decrypt and decode Snake messages. Using information gained from monitoring the Snake network and analyzing malware, the FBI developed a tool called Perseus that establishes communication sessions with a malware implant on a specific computer and issues commands that cause the Snake implant to shut down without affecting the computer itself and legitimate applications on it.according to the US Department of Justice.

After decrypting network traffic between devices in the US and NATO countries compromised by Snake, the FBI also discovered that Turla operators were using the malware to attempt to steal documents “similar to confidential UN and NATO documents.”

It is reported that the warrant received by the FBI allowed law enforcement officers to gain access to infected devices, overwrite malware without affecting legitimate applications and files, and terminate the malware running on compromised computers.

The FBI is now notifying all owners and operators of devices that were remotely accessed to remove Snake, and advise that they may have to remove other malicious tools and programs installed by attackers (including keyloggers that Turla often injected into infected systems).

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending