The Department of Justice announced today that the FBI and the U.S. Attorney’s Office for the Eastern District of New York, working in coordination with multiple foreign governments, inflicted a hard blow on Russian cyber-espionage efforts.
According to the DOJ, Operation MEDUSA neutralized the most dangerous malware implant of Russia’s FSB, which had been operational for two decades.
“The Justice Department today announced the completion of a court-authorized operation, codenamed MEDUSA, to disrupt a global peer-to-peer network of computers compromised by sophisticated malware, called ‘Snake’, that the United States Government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB).
For nearly 20 years, this unit, referred to in court documents as ‘Turla’, has used versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries, which have belonged to North Atlantic Treaty Organization (NATO) member governments, journalists, and other targets of interest to the Russian Federation.”
The stolen documents were exfiltrated through a covert network of compromised computers in the United States and around the world.
In keeping with the mythological theme, the FBI created a tool named PERSEUS, which “issued commands that caused the Snake malware to overwrite its own vital components”.
United States Magistrate Judge Cheryl L. Pollak of the Eastern District of New York authorized the remote access to the compromised computers.
Victims outside the United States are being notified by local authorities, which are also, in cooperation with the FBI, offering remediation guidance.
Breon Peace, United States Attorney for the Eastern District of New York: “Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes. Meeting the challenge of cyber-espionage requires creativity and a willingness to use all lawful means to protect our nation and our allies. The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”
The U.S. has been investigating Snake and Snake-related malware tools for nearly 20 years. Snake is Russia’s most sophisticated cyber-espionage tool, controlled by FSB officers who conduct daily operations using it from a known FSB facility in Ryazan, Russia.
The FSB applied numerous upgrades and revisions over the years. “Snake implant persists on a compromised computer’s system indefinitely, typically undetected by the machine’s owner or authorized users. The FBI has observed Snake persist on particular computers despite a victim’s efforts to remediate the compromise.”
DOJ reiterated that the victims should take additional steps to protect themselves from further harm.