Turla’s Snake malware network disrupted by Five Eyes’ authorities
2023-05-10 11:42

The US Government has been investigating Snake and Snake-related malware tools for nearly 20 years, and has monitored FSB officers assigned to Turla conducting daily operations using Snake from a known FSB facility in Ryazan, Russia.

Although Snake has been the subject of several cybersecurity industry reports throughout its existence, Turla has applied numerous upgrades and revisions, and selectively deployed it, all to ensure that Snake remains Turla's most sophisticated long-term cyberespionage malware implant.

Turla uses the Snake network to route data exfiltrated from target systems through numerous relay nodes scattered around the world back to Turla operators in Russia.

Through analysis of the Snake malware and the Snake network, the FBI developed the capability to decrypt and decode Snake communications.

With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS, which establishes communication sessions with the Snake malware implant on a particular computer and issues commands that cause the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer.

The FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the US Cyber Command Cyber National Mission Force, and six other intelligence and cybersecurity agencies from each of the Five Eyes member nations issued a joint cybersecurity advisory with detailed technical information about the Snake malware that will allow cybersecurity professionals to detect and remediate Snake malware infections on their networks.


News URL

https://www.helpnetsecurity.com/2023/05/10/turla-snake-malware/