Skip to main content

FBI disables Russian malware operation targeting foreign governments

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the “premier cyberespionage malware” of Russia’s Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

The hacking group, a well-known unit known as Turla, spent nearly two decades using different versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries.

According to the DoJ, the Snake malware recorded keystrokes, enabling the hackers to steal their targets’ account authentication credentials such as usernames and passwords. It warned victims that stolen credentials could still be used to fraudulently re-access compromised computers and other accounts.

The FBI was able to decrypt and decode Snake communications through analysis of the Snake malware and its network.

“With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that causes the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer,” the DOJ explained in a release.

Russia officially denies carrying out cyber espionage operations, but the FBI and its partners are in little doubt about the significance of its breakthrough.

Commenting on the FBI’s work, Attorney General Merrick B. Garland said: “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Powerful malware infected governments in Russia, Iran, and Rwanada, stayed hidden for five years
akarnai ssh report brute force credential stuffing internet devices data center feat

An incredibly sophisticated piece of malware infected government computers in Russia, Iran, and Rwanda, and evaded detection for five years. The malware, called "ProjectSauron" by Kaspersky and "Remsec" by Symantec, has been active since 2011, or longer, infecting computers on the computers of government entities, military operations, research institutions, banks, and telecommunication companies.

The malware used all kinds of tricks to stay hidden, including living mostly in system memory. But a huge part of ProjectSauron's success, Ars Technica is reporting, is the virus' ability to avoid leaving patterns.

Read more
FBI, DOJ eyeing Russian operatives in Clinton campaign cyberattack

There's more bad news for the Democrats' tech team as yet another cyberattack was discovered, this time involving the computer network used by Hillary Clinton. It's the third such political hack disclosed in recent months, with the previous two targeting the Democratic National Committee and the Democratic Congressional Campaign Committee (DCCC). Operatives associated with Russia appear to be behind the attack, in a revelation that comes just days after Republican presidential candidate Donald Trump called for the Kremlin to look into Hillary Clinton's emails.

On late Friday, a Clinton campaign spokesperson Nick Merrill confirmed that a DNC data analytics program used by the Clinton team was accessed as part of the DNC hack.

Read more
Hacker compromises data of nearly 30,000 FBI and DHS employees with a simple phone call

In most cases, hacking is a much more laborious task than the one-button system we all experienced in Watch Dogs two years ago, but that's not the case for a real-life hacker who actually stole confidential information from the FBI and Department of Homeland Security.

The hacker, who in his conversation with Motherboard says he wishes to remain anonymous, began by acquiring credentials for a single Department of Justice email account. Logging in with the credentials actually failed to work, but the hacker was undeterred. He gave the department a phone call, swindling a support representative for the instructions he so desperately needed.

Read more