FBI & NSA Cut the Head Off Notorious Russian Snake Malware

Slippery virus infected computers in more than 50 countries over a 20-year period, but now appears to have been neutralized.

The NSA, FBI and their allies say they have cut the head off a Russian-sponsored malware campaign known as Snake that was the ‘most sophisticated cyber espionage tool’ possessed by the country.

According to a statement titled ‘Hunting Russian Intelligence “State” Malware’, the operation can be traced back to Russia’s notorious FSB (Federal Security Services) and may have been active in one form or another for as many as 20 years.

The advisory was released alongside technical details of the malware, which should allow cybersecurity experts to detect and eliminate the program on their networks.

US and NATO Allies Targeted by Russian Malware

The breadth of the Snake hack is astonishing, with the malware detected on computers in more than 50 countries around the world, many of which share NATO membership with the US.

In one example, the malware was implanted on a victim in NATO, after which bad actors (as hackers are often called in cyber security circles) were able to access and steal various diplomatic communications, including sensitive documents.

For now, the threat appears to be neutralized. Government agencies say they were able to disable Snake on infected devices using the FBI’s PERSEUS tool, which allows for the overwriting of malware.

‘Russian government actors have used this tool for years for intelligence collection. Snake infrastructure has spread around the world. The technical details will help many organizations find and shut down the malware globally.’ Rob Joyce, NSA Director of Cybersecurity

Shadowy Turla Group to Blame

While broadly linked to the Russian FSB, the FBI believes that an elite sub-unit within the organization is responsible for spreading Snake. The group is sometimes referred to colloquially as Turla, after the open source hacking toolkit its viruses are based on.

The joint statement – issued by the international Cybersecurity Advisory body, or CSA for short – adds that government networks, research facilities, education organizations, and journalists in particular were targeted by Snake and the FSB hackers who ran it. In addition, critical infrastructure sectors like financial services, manufacturing, and communications were zeroed in on.

Historically, the group and its operatives are also understood to be responsible for a spying campaign against the Department of Defense (DoD) so severe it led to the establishment of the US Cyber Command within the DoD.

Global Malware Spread Highlights Risk to All

The NSA and FBI worked on dismantling the Snake malware with their partners in the CSA, which include the Canadian Cyber Security Center, Australian Cyber Security Centre and UK National Cyber Security Centre.

The fact that Snake slithered its way onto computers that would have had millions of bucks spent on protecting them – it was identified on machines on every continent bar Antarctica – highlights the ongoing risk posed by hackers and why organizations of all shapes and sizes need to take online security so seriously.

While your business might not be able to call on the FBI’s arsenal of cybersecurity tools if it finds itself in trouble, there are simple things you can do to up your game like using one of the most secure VPNs when sharing data remotely.


Written by:
James Laird is a technology journalist with 10+ years experience working on some of the world's biggest websites. These include TechRadar, Trusted Reviews, Lifehacker, Gizmodo and The Sun, as well as industry-specific titles such as ITProPortal. His particular areas of interest and expertise are cyber security, VPNs and general hardware.