sourcegraph
June 13, 2024

WASHINGTON — The United States and its allies have dismantled a major cyber-espionage system that the Justice Department said Russian intelligence services used for years to spy on computers around the world, it was announced on Tuesday.

In another report, the Cybersecurity and Infrastructure Security Agency says the system, dubbed the “Snake” malware network, is the “most sophisticated cyber-espionage tool” in the FSB’s arsenal and is used to spy on sensitive targets, including government networks, research institutes and journalists.

The Federal Security Service (FSB) used Snake to obtain and steal international relations documents and other diplomatic communications from NATO countries, according to CISA, adding that Russian agencies used the tool to infect computers in more than 50 countries and inside a range of US agencies. These include “education, small business and media organisations, and critical infrastructure sectors including government facilities, financial services, critical manufacturing and communications.”

The apparent demise of the malware has been welcomed by senior Justice Department officials.

“U.S. law enforcement has eliminated one of Russia’s most sophisticated cyberespionage tools, which has been in use for 20 years to advance Russia’s authoritarian goals,” a statement said.

In 33 pages of newly unsealed court documents from a federal judge in Brooklyn, cybersecurity attorney Taylor Forry laid out how the effort, dubbed Operation Medusa, would proceed.

Court documents say the Snake system operated as a “peer-to-peer” network linking infected computers around the world. Taking advantage of this, the FBI planned to use infected computers in the United States to infiltrate systems, overwriting code on each infected computer to “permanently disable” the network.

The U.S. government has been reviewing Snake-related malware for nearly two decades, according to court documents, which say a unit of the FSB called Turla operates the network in Ryazan, Russia.

While cybersecurity experts have identified and described the Snake network for years, Turla has kept it running with upgrades and modifications.

The malware was difficult to remove from infected computer systems, officials said, and a covert peer-to-peer network sliced and encrypted the stolen data while secretly routing it back to Turla operators in Russia through “numerous relay nodes located around the world” in a way that was very difficult to detect.

CISA reports that Snake is designed in a way that allows its operators to easily incorporate new or upgraded components, and that it runs on computers running Windows, Macintosh and Linux operating systems.

The court papers also sought to delay notifying those whose computers would be accessed during the operation, saying the removal of Snake had to be coordinated so the Russians could not obstruct or mitigate it.

“If Turla becomes aware of Operation Medusa before it is successfully executed, Turla could use the Snake malware on target computers and other Snake-compromised systems around the world to monitor the execution of the operation to see how the FBI and other governments can disable the Snake malware and strengthen Snake’s defenses,” Agent Forry added.


