US takes down Russian FSB’s sophisticated global malware network
The US Justice Department announced yesterday that it had successfully dismantled a “sophisticated” malware network, known as “Snake” or “Uroburos”, that had been utilized by Russia’s FSB intelligence agency for two decades. This highly advanced cyber-espionage tool allowed the FSB to secretly spy on target computer systems in 50 countries, focusing on government networks, research facilities, journalists, and other high-value targets, according to US officials.
Over the course of an operation lasting several years, the FBI was able to defeat the Snake malware by injecting its own computer code, which forced the malware to overwrite itself. Deputy Attorney General Lisa Monaco praised the operation, stating that it had “neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives.”
The FSB began developing the Snake malware in 2003, and it has been recognized by CISA, the US cyber defense agency, as “the most sophisticated cyber espionage tool in the FSB’s arsenal.” It is incredibly stealthy, making it extremely challenging to detect in computer systems and network traffic. Snake is highly adaptable, designed for effortless updating and modification, and has very few bugs considering its complexity.
These features allowed the FSB to operate undetected for years, stealing sensitive documents from compromised computer systems while maintaining an extensive network of infected hosts. CISA revealed that, in at least one instance, Snake was able to infiltrate an unnamed NATO country, granting Russian intelligence access to sensitive international relations documents and diplomatic communications.
The FBI’s sophisticated countermeasure, which it named Perseus, successfully rendered the Russian malware ineffective. According to the Bangkok Post, Perseus established communication sessions with the Snake implant on a specific computer and issued commands that rendered the implant inoperable, without damaging the host computer or its legitimate applications.
Despite the success of the Perseus implant, cybersecurity authorities from the United States, Canada, Britain, Australia, and New Zealand issued a joint advisory on Tuesday, cautioning that the Snake malware still poses a significant threat.