US Govt Says FBI Disrupted Russian Malware Network
Facts
- The US Dept. of Justice said on Tuesday that — together with the FBI, the NSA, and partner intelligence agencies from abroad — it executed a court-approved operation to disable a "premier" Russian spying tool that allegedly infected computers in at least 50 countries and resulted in the theft of sensitive documents belonging both to governments and other entities.1
- The FBI’s technical experts identified the malware used by Russia’s FSB security service, reportedly dubbed “Snake.” The infamous hacking group known as “Turla” — made up of FSB spies — is reportedly being tracked by the private sector.2
- The FBI’s operation “MEDUSA” sought to disrupt the Russian network, and it used the recently developed “PERSEUS” tool to successfully neutralize the Snake after a Brooklyn judge granted authorization to secure remote access to infected computers.3
- The FBI collaborated with the US Attorney’s Office for the Eastern District of NY (EDNY), along with multiple foreign governments, to take down the malware network attributed to a unit within the FSB’s Center 16.4
- US officials say the now-defunct network is one of the world’s most sophisticated hacking tools. A senior FBI official said the operation would make using the hacking instrument “difficult or untenable” for the FSB.5
- Meanwhile, in a separate statement from the NSA, the agency — alongside the FBI, the Cybersecurity and Infrastructure Security Agency, and intelligence agencies from Australia, Britain, Canada, and New Zealand — issued a joint Cybersecurity Advisory notice. The NSA said the notice provided "background on Snake's attribution to the FSB," and provided technical recommendations for systems administrators to protect against Snake-related malware.6
Sources: 1Justice, 2Reuters, 3ABC News, 4Brooklyn Eagle, 5CNN, and 6National Security Agency/Central Security Service.
Narratives
- Anti-Russia narrative, as provided by United States Department of Justice. The US government has been able to deal a brutal blow to one of Russia’s most prominent and sophisticated malware networks, which has terrorized computer systems for nearly 20 years. Russia relies heavily on cyber attacks and espionage to steal sensitive information from the US and its allies in NATO, with the Snake having been one of the FSB’s most powerful tools. Today’s advisory now neutralizes the Russian malware and puts an end to some of Russia’s key dirty tricks.
- Pro-Russia narrative, as provided by CNN. The greatest perpetrator of malware attacks to steal information is the US along with other Western countries, which use their malicious networks to provoke war. The US has been using Ukrainian network infrastructure to employ novel cyber weapons against Russia just as it is using Ukraine as its vessel to launch an actual war on Russia. The FSB is on to the West’s hacker attacks and will bring the perpetrators to justice.
- Establishment-critical narrative, as provided by NBC. This alleged bust only gives a sneak peek into the surveillance capabilities available to governments worldwide. While this may be a sophisticated Russian operation, we can only assume that the US has equally powerful cyber-espionage tools. It's an unsettling time to be online amidst a panopticon of shadowy state actors.