U.S. Says It Dismantled Russia’s ‘Most Sophisticated’ Malware Network

WASHINGTON — The United States and its allies have dismantled the major cyber-espionage system Russian intelligence agencies used for years to spy on computers around the world, the Department of Justice announced on Tuesday.

In another report, the Cybersecurity and Infrastructure Security Agency described the system, known as the “Snake” malware network, as the “most sophisticated cyber espionage tool” in the Federal Marshals arsenal, used to monitor highly sensitive targets such as government networks, research facilities and journalists.

According to CISA, the Federal Security Service (FSB) used Snake to access and steal international documents and other diplomatic communications from NATO member states. CISA added that Russian agencies have used the tool to infect computers in more than 50 countries, including within national and American institutions. These included “education, small businesses, media organizations, and critical infrastructure sectors including government facilities, financial services, critical manufacturing and telecommunications.”

A senior Justice Department official hailed the apparent demise of the malware.

“U.S. law enforcement neutralized one of Russia’s most sophisticated cyber espionage tools through a high-tech operation that antagonized Russian malware. It has been used for 20 years to do so,” Deputy Attorney General Lisa O. Monaco said in a statement.

In just-opened 33-page court documents from a federal judge in Brooklyn, cybersecurity agent Taylor Foley explained how an effort called Operation Medusa would work.

According to court documents, the Snake system acted as a “peer-to-peer” network that linked together infected computers around the world. Taking advantage of that, the FBI planned to use infected computers in the United States to break into systems and overwrite the code on all infected computers to “permanently disable” the network.

The US government has been scrutinizing Snake-related malware for nearly 20 years, according to court filings, and says an FSB unit known as Turla operated its network out of Ryazan, Russia.

While cybersecurity experts have identified and described the Snake network for years, Turla has maintained operations through upgrades and revisions.

Removing the malware from infected computer systems is difficult, and this clandestine peer-to-peer network slices and encrypts stolen data, covertly routing it through “a multitude of relay nodes scattered around the world” before it is sent back to Turla operators in Russia, a method that is hard to find.

CISA reports that Snake is designed to allow operators to easily incorporate new or upgraded components and runs on computers running Windows, Macintosh, and Linux operating systems.

Court documents also call for delayed notification to owners of computers accessed in the operation, saying it is essential to coordinate the dismantling of Snake so that the Russians cannot interfere with or mitigate it.

“If Turla was aware of Operation Medusa’s successful execution prior to its execution, Turla would use the Snake malware on targeted computers and on Snake-infected systems around the world to determine how the FBI and other governments carried out their operations. We were able to find out how we were able to disable the Snake malware and strengthen Snake’s defenses,” added Special Agent Forry.
