Sunday, May 11, 2025
The Justice Department has announced the successful completion of a court-authorized operation, known as MEDUSA, to disrupt a global peer-to-peer network of computers compromised by “Snake,” a sophisticated Russian-owned malware.
The government attributes the malware to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB).
The operation disabled Turla’s Snake malware on compromised computers using an FBI-created tool named PERSEUS, which caused the malware to overwrite its vital components. The operation was executed by the FBI with a search warrant issued by U.S. Magistrate Judge Cheryl L. Pollak for the Eastern District of New York.
The Department of Justice (DOJ) has announced the takedown of a global malware known as "Snake". The operation known as “MEDUSA” was conducted in joint cooperation with international law enforcement agencies #cyber #cybercrime #malware #doj https://t.co/Je0R63nuSM pic.twitter.com/DBKe3LNvII
— Cyber Statesman (@cyberstatesman) May 10, 2023
The FBI is engaging with local authorities to provide notice of Snake infections and remediation guidance to victims outside the United States. Attorney General Merrick B. Garland stated that the Justice Department, along with its international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber espionage, including against its NATO allies.
The Deputy Attorney General, Lisa O. Monaco, added that the Justice Department continues to put victims at the center of its cybercrime work and takes the fight to malicious cyber actors, combining the action with the release of the information victims need to protect themselves.
The Justice Department’s National Security Division’s Assistant Attorney General, Matthew G. Olsen, stated that the FSB has relied on the Snake malware to conduct cyber-espionage against the United States and its allies for twenty years, which ends today. He added that the Justice Department would use every weapon in its arsenal to combat Russia’s malicious cyber activity. U.S. Attorney Breon Peace for the Eastern District of New York noted that the FBI’s court-authorized remote search and remediation demonstrated the office’s and its partners’ commitment to using all available tools to protect the American people.
The FBI, along with other government agencies and private sector entities, collaborated to disrupt the Snake malware network in an effort led by the FBI New York Field Office and the Cyber Division. The Criminal Division’s Computer Crime and Intellectual Property Section assisted in the operation, and private sector entities were instrumental in the successful outcome by allowing the FBI to monitor Snake communications on their systems.
Snake has been the subject of several cybersecurity industry reports, but Turla has applied numerous upgrades and revisions and selectively deployed it to ensure that it remains its most sophisticated long-term cyberespionage malware implant. The FBI observed Snake persist on particular computers despite a victim’s efforts to remediate the compromise. The Turla unit uses the Snake network to route data exfiltrated from target systems through numerous relay nodes scattered worldwide back to its operators in Russia.