The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.
The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the “premier cyberespionage malware” of Russia’s Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.
The hacking group, a well-known unit known as Turla, spent nearly two decades using different versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries.
According to the DoJ, the Snake malware recorded keystrokes, enabling the hackers to steal their targets’ account authentication credentials such as usernames and passwords. It warned victims that stolen credentials could still be used to fraudulently re-access compromised computers and other accounts.
The FBI was able to decrypt and decode Snake communications through analysis of the Snake malware and its network.
“With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that causes the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer,” the DOJ explained in a release.
Russia officially denies carrying out cyber espionage operations, but the FBI and its partners are in little doubt about the significance of its breakthrough.
Commenting on the FBI’s work, Attorney General Merrick B. Garland said: “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”
- Hackers are using this incredibly sneaky trick to hide malware
- In the age of ChatGPT, Macs are under malware assault
- Hackers are using fake WordPress DDoS pages to launch malware
- Russian hackers behind ‘world’s most murderous malware’ probing U.S. power grid