US disables Russian malware


The US Justice Department has announced the successful disabling of a sophisticated malware network operated by Russia’s FSB intelligence agency for over two decades. The malware, known as “Snake” or “Uroburos,” was deployed on computer systems worldwide, with a particular focus on government networks, research facilities, journalists, and other targets.

The operation targeted 50 countries, including a NATO ally, and utilized compromised computers as relay nodes to conceal traffic related to the Snake malware.

By leveraging a years-long operation, the FBI managed to counter the Snake malware by inserting its own code into the system. This code issued commands that caused the malware to overwrite itself, effectively neutralizing its capabilities. Deputy Attorney General Lisa Monaco described the operation as a high-tech endeavor that turned Russian malware against itself, countering one of Russia’s most sophisticated cyber-espionage tools.

The Snake malware, which was developed by the FSB starting in 2003, has been recognized by cybersecurity experts for over a decade. The US cyber defense agency, CISA, identified Snake as the FSB’s most advanced cyber espionage tool, characterized by its stealthiness and by how difficult it is to detect within computer systems and network traffic. Despite its complexity, the malware had surprisingly few bugs, allowing the FSB to remain undetected while infiltrating computers holding sensitive documents.

CISA highlighted a case in which Snake was discovered on the systems of an undisclosed NATO country. This allowed Russian intelligence to gain access to and extract sensitive international relations documents and diplomatic communications. The agency emphasized that the effectiveness of such cyber espionage tools hinges on their ability to remain stealthy over an extended period.

The successful neutralization of the Snake malware marks a significant blow to Russia’s cyber-espionage capabilities and its pursuit of authoritarian objectives. The operation demonstrates the commitment of US law enforcement to counter cyber threats and protect sensitive information from malicious actors.