WASHINGTON — The United States and its allies have dismantled a major cyberespionage system that Russian intelligence services used for years to spy on computers around the world, the Justice Department announced Tuesday.
In a separate report, the Cybersecurity and Infrastructure Security Agency described the system, known as the “Snake” malware network, as the “most sophisticated cyberespionage tool” in the Federal Security Service’s arsenal, used to monitor sensitive targets, including government networks, research facilities and journalists.
The Federal Security Service, or FSB, used Snake to gain access to and steal international relations documents and other diplomatic communications from NATO countries, according to CISA, which added that the Russian agency used the tool to infect computers in more than 50 countries and in several American institutions. That includes “education, small business and media organizations, as well as critical infrastructure sectors including government facilities, financial services, critical manufacturing and communications.”
A top Justice Department official hailed the death of the malware.
“Through a high-tech operation that turned Russian malware on itself, US law enforcement has neutralized one of Russia’s most sophisticated cyber espionage tools, used for two decades to advance Russia’s authoritarian goals,” said Lisa O. Monaco, deputy attorney general, in a statement.
In a 33-page lawsuit that was recently opened by a federal judge in Brooklyn, a cybersecurity agent, Taylor Forry, laid out how the effort, called Operation Medusa, would be carried out.
The Snake system, according to court documents, operated as a “peer to peer” network connecting infected computers around the world. Leveraging that, the FBI plans to infiltrate systems using infected computers in the United States, overriding the code on each infected computer to “permanently disable” the network.
The US government has been investigating Snake-related malware for nearly two decades, according to court filings, which say an FSB unit known as Turla has been operating the network from Ryazan, Russia.
Although cybersecurity experts identified and described the Snake network over the years, Turla remains operational through upgrades and revisions.
The malware is difficult to remove from infected computer systems, officials said, and the secret peer-to-peer network slices and encrypts stolen data while secretly routing it through “many relay nodes scattered around the world back to the Turla operator in Russia” in a way that is difficult to detect.
The CISA report said Snake was designed in a way that allows operators to easily incorporate new components or updates, and that it works on computers with Windows, Macintosh and Linux operating systems.
Court documents also sought to delay notifying those whose computers would be accessed in the operation, saying it was important to coordinate the dismantling of Snake so the Russians could not interfere or undermine it.
“If Turla knows about Operation Medusa before its successful execution, Turla can use the Snake malware on the subject’s computer and other Snake-compromised systems around the world to monitor the execution of the operation to learn how the FBI and other governments can kill the Snake malware and strengthen Snake’s defenses,” added Special Agent Forry.