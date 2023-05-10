



WASHINGTON - The United States and its allies have taken down a major cyber-espionage system that Russian intelligence services had used for years to spy on computers around the world, the Justice Department announced Tuesday.

In a separate report, the Cybersecurity and Infrastructure Security Agency described the system, known as the Snake malware network, as the most sophisticated cyber-espionage tool in the Federal Security Service’s arsenal, which it has used to monitor sensitive targets including government networks, research facilities and journalists.

The Federal Security Service, or FSB, had used Snake to access and steal international relations documents and other diplomatic communications from a NATO country, according to CISA, which added that the Russian agency had used the tool to infect computers in more than 50 countries and within a range of American institutions. These included education, small business and media organizations, as well as critical infrastructure sectors including government facilities, financial services, manufacturing and critical communications.

Senior Justice Department officials hailed the malware’s apparent demise.

“In a high-tech operation that turned Russian malware against itself, US law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance military goals. authoritarians of Russia,” Lisa O. Monaco, deputy attorney general, said in a statement.

In a recently unsealed 33-page court filing from a Brooklyn federal judge, cybersecurity officer Taylor Forry explained how the effort, called Operation Medusa, would unfold.

The Snake system, according to court documents, operated as a peer-to-peer network that linked infected computers around the world. Taking advantage of this, the FBI planned to infiltrate the system using an infected computer in the United States, overriding each infected computer’s code to permanently disable the network.

The US government had been investigating Snake-related malware for nearly two decades, according to court documents, which said an FSB unit known as Turla operated the network from Ryazan, Russia.

Even though cybersecurity experts have identified and described the Snake Network over the years, Turla has kept it operational through upgrades and revisions.

The malware was difficult to remove from infected computer systems, officials said, and the secret peer-to-peer network cut and encrypted the stolen data while stealthily routing it through numerous relay nodes scattered around the world to the Turla operators in Russia in a way that was hard to detect.

The CISA report states that Snake was designed in a way to allow its operators to easily integrate new or upgraded components, and worked on computers running Windows, Macintosh and Linux operating systems.

The court documents also sought to delay notifying people whose computers would be accessed during the operation, saying it was imperative to coordinate the takedown of Snake so the Russians could not thwart or mitigate it.

If Turla becomes aware of Operation Medusa before its successful execution, Turla could use the Snake malware on affected computers and other Snake-compromised systems around the world to monitor the execution of the operation to learn how the FBI and other governments were able to disable the Snake malware and bolster Snake’s defenses, Special Agent Forry added.

Source: https://www.nytimes.com/2023/05/09/us/politics/fbi-russia-malware.html

