Date: 2023-05-09
The FBI announced Tuesday that it has disrupted a network of hacked computers that Russian spies have used for years to steal sensitive information from at least 50 countries, including NATO governments.
The move appears to be a major blow to Russia’s domestic intelligence service, the FSB, which allegedly used the sophisticated hacking tool to infiltrate US and Western diplomatic and military agencies for nearly two decades. It’s the latest move by the Justice Department to more aggressively target foreign espionage and criminal rings using the FBI’s custom-built tools.
The FBI used a court order on Monday to cut off Russian access to the US computer network that hackers were using to funnel stolen information around the world and back to Russia, US officials said. The FBI’s operation and US public advisory on the hacking tool would make it “difficult or unsustainable” for the FSB to use it effectively again, a senior FBI official said in a phone call with reporters on Tuesday.
FSB operatives, for example, used the hacking tool to “access and exploit sensitive international relations documents as well as other diplomatic communications” from an unnamed NATO country, the US and its “Five Eyes” allies said in an advisory Tuesday.
The Russian Embassy in Washington did not immediately respond to a request for comment.
The Russian hacking group that targeted the FBI, known as Turla, is widely believed by experts to be one of the most elite cyber espionage units in the Russian intelligence services. The Turla tools are linked to a major breach of US military networks in the mid-to-late 1990s and a 2008 US Central Command retaliation.
In recent years, hackers have been observed digging into the networks of foreign ministries and parliaments in Eastern Europe to gather intelligence on Russian adversaries.
The Russian group has also used the work of other spy agencies. In 2018, Turla hijacked an Iranian hacking tool to gain access to the network of an unnamed Middle Eastern government, according to researchers.
Turla’s operatives are “real professionals,” Juan Andres Guerrero-Saade, a researcher who has tracked Turla for years, told CNN.
“They’re not fooling around breaking things or drawing attention to themselves in silly ways,” said Guerrero-Saade, who is senior director of SentinelLabs, the research arm of security firm SentinelOne. He said this is what you would “expect from the GRU,” referring to Russia’s military intelligence agency, whose hackers are generally more prominent. “You don’t see that from Turla.”
Turla’s reputation as one of the Kremlin’s top hacking teams has inspired researchers and private journalists to track down the hackers.
A 2022 investigation by German public broadcaster Bayerischer Rundfunk tracked several Turla operations at an FSB-linked company in the Russian city of Ryazan, about 120 miles southeast of Moscow. US and allied intelligence confirmed that Turla’s daily hacking operations take place at an FSB facility in Ryazan.
While the FBI touted the move as another example of the bureau’s strategy to protect hacking victims, Guerrero-Saade wondered what visibility the FBI might have lost into Turla’s operations by exposing the hacked computer network.
“The FBI has a hammer and they’ve decided this is just another nail,” Guerrero-Saade said. “And I don’t think espionage operations should be treated the same way as criminal operations.”
