The U.S. Justice Department disclosed on Tuesday, May 9, 2023, that it had disrupted a long-running Russian cyber espionage campaign that stole sensitive information from computer networks in dozens of countries, including the U.S. and other NATO members.
Prosecutors linked the spying operation to a unit of Russia’s Federal Security Service, or FSB, and accused the hackers of stealing documents from hundreds of computer systems belonging to governments of NATO members, an unidentified journalist for a U.S. news organization who reported on Russia, and other select targets of interest to the Kremlin.
Assistant Attorney General Matthew Olsen, head of the Justice Department's National Security Division, said in a statement: “For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies — that ends today.”
“The Justice Department will use every weapon in our arsenal to combat Russia’s malicious cyber activity, including neutralizing malware through high-tech operations, making [innovative] use of legal authorities, and working with international allies and private sector partners to amplify our collective impact.”
Assistant Attorney General Matt Olsen
The specific targets were not named in court papers. However, U.S. officials described the espionage campaign as “consequential”: it had successfully exfiltrated sensitive documents from NATO countries and had also targeted U.S. government agencies and other organizations in the U.S.
The Russian operation relied on the malicious software known as Snake to infect computers, with hackers operating from what the Justice Department said was a known FSB facility in Ryazan, Russia.
According to the 2020 Cyber Threatscape Report from Accenture, the notorious group believed to be responsible for the Snake malware has aggressively targeted systems supporting Microsoft Exchange and Outlook Web Access, and then uses these compromised systems as beachheads within a victim's environment to hide traffic, relay commands, compromise e-mail, steal data and gather credentials for espionage efforts.
Operating from Russia, the group, which Accenture refers to as belugasturgeon (also known as Turla or Snake), has been active for more than 10 years and is associated with numerous cyber attacks aimed at government agencies, foreign policy research firms and think tanks across the globe.
Accenture is a global professional services company with leading capabilities in digital, cloud and security.
The Most Sophisticated Malware Relied On By The Russian Government
U.S. officials disclosed that they had been investigating Snake for about a decade and came to regard it as the most sophisticated malware implant relied on by the Russian government for espionage campaigns.
They said Turla, the FSB unit believed responsible for the malware, had refined and revised it multiple times as a way to avoid being shut down.
According to senior FBI officials, Snake was a “premier espionage tool” for the Russian government as it allowed its users to transmit stolen information via “hop points” across the world on other infected computers, creating a nearly undetectable highway for sensitive foreign records.
The Justice Department, using a warrant this week from a federal judge in Brooklyn, launched what it said was a high-tech operation using a specialized tool called Perseus that caused the malware to effectively self-destruct.
Federal officials said they were confident that, based on the impact of its operation this week, the FSB would not be able to reconstitute the malware implant.
Senior Justice Department officials emphasized the need for victims of the Snake malware to cooperate with investigators and to stay up to date on patches and fixes for their systems: the operation disabled the implant itself but did not patch the vulnerabilities the hackers had used to get in, nor did it remove any other malware present on the affected machines.