FBI-led Op Medusa slays NATO-bothering Russian military malware network
The FBI has cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades.
After identifying and stealing sensitive files on victims' devices, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the US. In effect, Snake can infect Windows, Linux, and macOS systems, and use those network nodes to pass data stolen from victims along to the software nasty's Russian spymasters.
"To obfuscate communications between the Snake-compromised computers that comprise the Snake network, the nature of the data stolen by the FSB and the identity of the FSB as the attacker, communications between Snake implants on compromised computers are encrypted, fragmented, and sent using customized methodologies built atop common network protocols," according to US prosecutors in court documents [PDF].
As part of the so-called Operation Medusa, announced today, the Feds obtained a warrant [PDF] to remotely access eight computers in the US that Snake had infected, and then overwrite and terminate the malware running on those machines.
"Through a high-tech operation that turned Russian malware against itself, US law enforcement has neutralized one of Russia's most sophisticated cyber-espionage tools, used for two decades to advance Russia's authoritarian objectives," Deputy Attorney General Lisa Monaco said in a statement.
The FBI decided to name this tool Perseus; after it establishes communication sessions with the Snake malware on a device, it issues commands that cause the malicious implant to disable itself by overwriting key code components, without affecting the host computer or any legitimate applications.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/09/fbi_operation_medusa_snake/