In a major blow to Russian cyber espionage operations, the U.S. Department of Justice has announced the disruption of a long-running hacking campaign carried out by a state-sponsored Russian hacking group.
The FBI operation, codenamed "Medusa," targeted malware deployed by Moscow's Federal Security Service (FSB) against a wide range of U.S. and foreign government agencies, critical infrastructure entities, and private sector organizations. The malware was used to steal sensitive data and caused significant damage to the computer networks it infected.
According to the DOJ statement, the malware in question was a nearly 20-year-old piece of software called "Snake," operated by Turla, a unit within the FSB known for conducting some of Russia's most extensive cyber espionage operations. Turla has been active since at least the 1990s and has focused on government, military, and defense sector targets.
According to the DOJ, Snake is a "global peer-to-peer network of computers compromised by sophisticated malware" that has been used to steal sensitive documents from hundreds of computer systems in at least 50 countries.
The FBI operation involved gaining physical access to some of the compromised computers, studying the Snake malware, and developing a tool called "Perseus" to decrypt and decode Snake's communications. The FBI then used Perseus to issue commands to Snake that caused the malware to overwrite its own vital components, disabling it without affecting the host computer or the legitimate applications running on it.
The DOJ statement noted that the FBI worked with several cooperating victim organizations to learn more about Snake, but that in at least two cases, entities found to be infected with Snake declined, in whole or in part, to participate in the FBI's investigation.
Breon Peace, U.S. Attorney for the Eastern District of New York, praised the success of the operation:
"Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes. Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies. The court-authorized remote search and remediation announced today demonstrates my Office and our partners' commitment to using all of the tools at our disposal to protect the American people."
Alongside the operation, multiple U.S. government agencies and partner agencies from other countries issued a joint 48-page cybersecurity advisory on Tuesday detailing the operation, how Snake works, and mitigations that defenders can apply.
The operation represents a significant blow to Russian cyber espionage capabilities and a major victory for U.S. law enforcement and its international partners.
Follow SecureWorld News for more stories related to cybersecurity.