"U.S. law enforcement has neutralized one of Russia's most sophisticated cyber espionage tools." Announcement made by US Deputy Attorney General Lisa Monaco on Tuesday. Washington implemented "a high-tech operation," which turned "this Russian malware against itself." But what did this software really do?
Capable of "stealing hundreds of sensitive documents"
Called "Snake", it is considered by the US Cyber Defense Agency (Cisa), "the most sophisticated cyber-espionage tool in the arsenal of the FSB". It allowed Russian intelligence services to "steal hundreds of sensitive documents from at least 50 countries," including attacking the IT departments of governments, media or research centers, according to a statement from the US Department of Justice.
With U.S. & international partners, we released a joint cybersecurity advisory on Snake malware, which is considered the most sophisticated cyber espionage tool designed and used by #Russia's Federal Security Service. Here's how to protect your networks: https://t.co/ppKUoJRQp0 pic.twitter.com/MVkNzZXSTb
— Cybersecurity and Infrastructure Security Agency (@CISAgov) May 9, 2023
"Snake" had been known to cybersecurity experts for at least a decade. CISA places its creation date around 2003 and estimates that it has been the subject of many updates over time. "It surprisingly has very few computer bugs, which is surprising given its complexity," the agency also notes.
Also known as "Uroboros"
According to U.S. authorities, "Snake" was guided from an FSB unit called "Turla," located in Ryazan, Russia. It could identify and steal documents and remain undetected indefinitely. Its specificity: the agents of "Turla" exfiltrated this data using the global network of infected computers.
In 2018, the German Foreign Ministry revealed that it had been the subject of an unprecedented attack attributed by the media to the software "Snake", also known as "Uroboros". Victims have also been identified in Belgium, Ukraine, the United States, Switzerland and Georgia.
" READ ALSO The other war in Ukraine: how the cyber-resistance holds up against Russian hackers
After studying this software for many years, the US federal police managed to create a tool, called "Perseus", capable of communicating with "Snake" and ordering him to shut down without implicating the host computer. He was put out of action during Operation Medusa conducted by the FBI, in coordination with foreign partners.