FBI takes down Russian malware network that attacked allies, journalist computers

News

Taxis move past the headquarters of Russia’s Federal Security Services (FSB) in central Moscow on May 12, 2022.

Natalia Kolesnikova | Afp | Getty Images

The Federal Bureau of Investigation disrupted a Russian government-controlled malware network that compromised hundreds of computers belonging to NATO-member governments and other Russian targets of interest, including journalists, the Justice Department said Tuesday.

The disruption effort, called Operation Medusa, took the malware offline on or about May 8.

A unit within Russia’s Federal Security Bureau, the successor to the Soviet Union-era KGB, developed and deployed a malware codenamed Snake as far back as 2004, a federal search warrant request shows. The unit, called Turla, used the malware to selectively target high-value devices used by allied foreign ministries and governments.

The software was able to record every keystroke a victim made, a capacity known as keylogging, and send it back to Turla’s control center.

In at least one case, Turla used the Snake malware to infiltrate a personal computer belonging to a journalist at a U.S. media outlet, who reported on Russia’s government.

The Justice Department cited Snake’s status as Russia’s “premier long-term cyberespionage malware.” Disrupting the malware was part of an effort by U.S. law enforcement to protect victims around the world.

“We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies,” Attorney General Merrick Garland said in a statement.

Snake’s targeted capacities fed Russian intelligence huge amounts of information until U.S. law enforcement took down the network on Monday.

Snake was also able to snoop and compromise a victim’s Internet activity, inserting itself into the data that a victim’s computer sent online. Turla’s malware was able to operate effectively undetected by victims for nearly two decades, even as federal law enforcement monitored and pursued the Russian intelligence unit behind Snake.

Federal researchers and counterintelligence agents were able to reverse-engineer Snake and build software that would disable the malware. The software was codenamed Perseus and was deployed in a synchronized operation earlier this week with the cooperation of other foreign governments.

“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives,” Deputy Attorney General Lisa Monaco said in a statement.