FBI disables Russian malware operation targeting foreign governments

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NATO-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DoJ) as the “premier cyberespionage malware” of Russia’s Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

The hacking group, a well-known unit called Turla, spent nearly two decades using different versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries.

According to the DoJ, the Snake malware recorded keystrokes, enabling the hackers to steal their targets’ account authentication credentials such as usernames and passwords. The DoJ warned victims that stolen credentials could still be used to fraudulently re-access compromised computers and other accounts.

The FBI was able to decrypt and decode Snake communications through analysis of the Snake malware and its network.

“With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that cause the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer,” the DoJ explained in a release.

Russia officially denies carrying out cyberespionage operations, but the FBI and its partners are in little doubt about the significance of the breakthrough.

Commenting on the FBI’s work, Attorney General Merrick B. Garland said: “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”
