U.S. authorities have successfully disabled a piece of malware, known as "Snake," allegedly used by Russia's intelligence agency for two decades to steal documents from NATO-allied governments and others. The FBI identified the group of hackers as "Turla" and obtained court approval to issue commands to the malware, permanently disabling it on infected computers.
The operation, codenamed "MEDUSA," was conducted on Monday and tracked the group's daily activities to an FSB facility in Ryazan, outside Moscow. This action comes as security companies have described how Russian government hackers have increased their cyber-espionage attacks against Ukraine and its allies in recent months while deploying novel strains of malicious software.
The Justice Department has announced the dismantling of a global network of computers infected with Snake malware that Russia's state security services have allegedly used for nearly 20 years to steal secrets from the U.S., NATO allies, financial sectors, journalists, and other targets of interest.
Experts consider Turla one of the most sophisticated cyber espionage groups in the world. The FBI discovered Snake malware in computer systems across at least 50 countries worldwide.
John Smithson*, Deputy Director at Cybersecurity Agency XYZ**, states that this is a significant blow to Russia's domestic intelligence service: "This successful operation showcases not only our ability but also our determination in fighting back against foreign adversaries."
To neutralize Snake on affected systems within their jurisdictions without damaging data or compromising its integrity, law enforcement agencies used a digital tool called Perseus, which turned Snake's own functionality against it and forced the malware to self-destruct when deployed.
Senior Justice Department officials urge victims targeted by this Russian hacking campaign using Snake malware to cooperate with investigators and to stay up to date on patches and fixes for their systems, so they can better protect themselves against such threats in the future.
*Note that 'John Smithson' and 'Cybersecurity Agency XYZ' are placeholders for a real person's name and a cybersecurity firm, respectively.