US Disables Russian Malware Used For 20 Years To Spy In 50 Countries

The FSB had successfully inserted the "Snake" or "Uroburos" malware on computer systems around the world.

The US Justice Department said Tuesday that it had disabled a "sophisticated" malware network used by Russia's FSB intelligence agency for two decades to spy in 50 countries including a NATO ally.

The FSB had successfully inserted the "Snake" or "Uroburos" malware on computer systems around the world, focused on government networks, research facilities, journalists and other targets, according to US officials.

Computers in the system also served as relay nodes to disguise traffic to and from Snake malware inserted on target computer systems, they said.

In a years-long operation, the FBI was able to defeat Snake by inserting its own bit of computer code into it, which issued commands causing the malware to overwrite itself, the Justice Department said.

"Through a high-tech operation that turned Russian malware against itself, US law enforcement has neutralized one of Russia's most sophisticated cyber-espionage tools, used for two decades to advance Russia's authoritarian objectives," said Deputy Attorney General Lisa Monaco.

The malware has been known to computer security experts for at least a decade, and CISA, the US cyber defense agency, said the FSB began developing it in 2003.

CISA called Snake "the most sophisticated cyber espionage tool in the FSB's arsenal," noting that it was particularly stealthy and extremely hard to detect in computer systems and network traffic.

In addition, it was designed for easy updating and modification, and yet had "surprisingly few bugs given its complexity," CISA said.

Those aspects allowed the FSB to work undetected for years through sprawling host networks to get into computers with sensitive documents.

In at least one case, Snake was placed on the systems of an unnamed NATO country, allowing Russian intelligence to access and exfiltrate sensitive international relations documents and diplomatic communications, CISA said.

"The effectiveness of this type of cyber espionage implant depends entirely on its long-term stealth," the agency said.