The US Justice Department (DoJ), and the Federal Bureau of Investigation (FBI) has revealed they jointly took down a network of compromised computers used to steal sensitive data from NATO by a known Russian state-sponsored actor for almost 20 years.
In a press release, the agencies outlined their work, codenamed MEDUSA, authorized by the court, to disrupt a “global peer-to-peer network” of computers infected by Snake.
Snake is an 18-year-old piece of malware, built and maintained by a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB) - also known as Turla.
Targeting NATO allies
Turla has been using Snake, the document states, to steal sensitive documents from “hundreds of computer systems” belonging to governments, journalists, and other targets. The endpoints were located “in at least 50 countries”, some of which are also members of the North Atlantic Treaty Organization (NATO).
After stealing the files, Turla would exfiltrate them through a “covert network of unwitting Snake-compromised computers” in the US and elsewhere.
To take down Snake, the law enforcement agents obtained a sample of the malware, and used it to create a tool named PERSEUS.
This tool issued a command that caused Snake to overwrite its own vital components. It essentially self-destructed, without affecting any other software, or hardware, components, of the compromised endpoints.
“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” said Attorney General Merrick B. Garland. “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”
Deputy Attorney General Lisa O. Monaco described Snake as “one of Russia’s most sophisticated cyber-espionage tools.”
- Check out the best firewalls around