Russia-owned Snake Malware disrupted by DoJ

GEAR CHECK: Our readers don't just follow the news - they stay ready. Featured gear from this story is below.

Staff Writer

The Justice Department has announced the successful completion of a court-authorized operation, known as MEDUSA, to disrupt a global peer-to-peer network of computers compromised by “Snake,” a sophisticated Russian-owned malware.

Government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB).

The operation disabled Turla’s Snake malware on compromised computers using an FBI-created tool named PERSEUS, which caused the malware to overwrite its vital components. The operation was executed by the FBI with a search warrant issued by U.S. Magistrate Judge Cheryl L. Pollak for the Eastern District of New York.

<blockquote class="twitter-tweet"><p lang="en" dir="ltr">The Department of Justice (DOJ) has announced the takedown of a global malware known as &quot;Snake&quot;. The operation known as “MEDUSA” was conducted in joint cooperation with international law enforcement agencies <a href="https://twitter.com/hashtag/cyber?src=hash&amp;ref_src=twsrc%5Etfw">#cyber</a> <a href="https://twitter.com/hashtag/cybercrime?src=hash&amp;ref_src=twsrc%5Etfw">#cybercrime</a> <a href="https://twitter.com/hashtag/malware?src=hash&amp;ref_src=twsrc%5Etfw">#malware</a> <a href="https://twitter.com/hashtag/doj?src=hash&amp;ref_src=twsrc%5Etfw">#doj</a><a href="https://t.co/Je0R63nuSM">https://t.co/Je0R63nuSM</a> <a href="https://t.co/DBKe3LNvII">pic.twitter.com/DBKe3LNvII</a></p>&mdash; Cyber Statesman (@cyberstatesman) <a href="https://twitter.com/cyberstatesman/status/1656304867839815680?ref_src=twsrc%5Etfw">May 10, 2023</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

The FBI is engaging with local authorities to provide notice of Snake infections and remediation guidance to victims outside the United States. Attorney General Merrick B. Garland stated that the Justice Department, along with its international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber espionage, including against its NATO allies.

The Deputy Attorney General, Lisa O. Monaco, added that the Justice Department continues to put victims at the center of its cybercrime work and takes the fight against malicious cyber actors by combining the action with the release of information victims need to protect themselves.

The Justice Department’s National Security Division’s Assistant Attorney General, Matthew G. Olsen, stated that the FSB has relied on the Snake malware to conduct cyber-espionage against the United States and its allies for twenty years, which ends today. He added that the Justice Department would use every weapon in its arsenal to combat Russia’s malicious cyber activity. U.S. Attorney Breon Peace for the Eastern District of New York noted that the FBI’s court-authorized remote search and remediation demonstrated the office’s and its partners’ commitment to using all available tools to protect the American people.

The FBI, along with other government agencies and private sector entities, collaborated to disrupt the Snake malware network, which was led by the FBI New York Field Office and the Cyber Division. The Criminal Division’s Computer Crime and Intellectual Property Section assisted in the operation, and private sector entities were instrumental in the successful outcome by allowing the FBI to monitor Snake communications on their systems.

Snake has been the subject of several cybersecurity industry reports, but Turla has applied numerous upgrades and revisions and selectively deployed it to ensure that it remains its most sophisticated long-term cyberespionage malware implant. The FBI observed Snake persist on particular computers despite a victim’s efforts to remediate the compromise. The Turla unit uses the Snake network to route data exfiltrated from target systems through numerous relay nodes scattered worldwide back to its operators in Russia.

 

You may also like

Blog

Vice President JD Vance has reignited debate over the Jeffrey Epstein case after suggesting the convicted sex offender likely had connections to intelligence agencies, while also acknowledging that the Trump administration mishandled its communication surrounding the release of Epstein-related files.
Defense Secretary Pete Hegseth expected to see a clean-shaven crew during a recent visit to a U.S. Navy ship. Instead, several sailors were still sporting beards, prompting fresh Pentagon discussions over enforcing one of his most closely watched military policies.
New reporting suggests Iranian-linked actors exploited weaknesses in global mobile networks and smartphone advertising data to track the locations of U.S. military personnel in the Middle East during the recent conflict. While officials have not publicly confirmed the full extent of the operation, cybersecurity experts say the allegations expose a serious vulnerability with implications for force protection.
A growing trade dispute between Canada and the United States is beginning to reshape how public contracts are awarded north of the border. Several Canadian provinces have introduced procurement restrictions that limit or exclude some U.S. businesses from bidding on government work, raising concerns about the future of cross-border trade.
While fans from around the world packed Kansas City for the 2026 FIFA World Cup, federal agents were carrying out another mission away from the stadiums. A multi-agency Homeland Security operation has now rescued eight missing children, identified trafficking victims, arrested dangerous offenders, and disrupted criminal activity linked to the global event.

Like This Story? Check Out What Our Community Is Buying

Our best sellers are designed for real-world use - not hype.

View Best Sellers