Wednesday, May 10, 2023

FBI says it has disabled 20-year Russian malware spying operation


May 9 (UPI) -- The Justice Department Tuesday said it has now dismantled a global malware operation backed by Russia's security service that had been operating clandestinely for almost 20 years.

Russia's FSB used the malware named "Snake" to steal state secrets from the United States and at least 50 NATO member countries over the years, the Justice Department said in a statement.

Court documents refer to the FSB unit as "Turla," while the operation itself was dubbed one of the most in-depth ever launched by Russia.

The unit was reportedly operating out of a known FSB facility, conducting daily operations in Ryazan, Russia.

"Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia's most sophisticated cyber-espionage tools, used for two decades to advance Russia's authoritarian objectives," Deputy Attorney General Lisa Monaco said in a statement Tuesday.

Authorities believe the malware infected hundreds of computers, including those of government workers and journalists.

U.S. officials launched a counter operation, allowing them to access infected computers remotely.

"The FBI developed the capability to decrypt and decode Snake communications," the Justice Department said in its statement.

"With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that cause the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer."

The operation to disable Snake did not patch vulnerabilities or remove any additional malware, the Justice Department cautioned, adding anyone with an infected computer should take appropriate protective measures.

The department sent a joint cybersecurity alert along with the other four members of the Five Eyes intelligence-sharing group: Australia, Canada, New Zealand and Britain.
