The NSA, FBI and their allies say they have cut the head off a Russian-sponsored malware campaign known as Snake, which they describe as the ‘most sophisticated cyber espionage tool’ possessed by the country.
According to a statement titled ‘Hunting Russian Intelligence “State” Malware’, the operation can be traced back to Russia’s notorious FSB (Federal Security Services) and may have been active in one form or another for as many as 20 years.
The advisory was released alongside technical details of the malware, which should allow cybersecurity experts to detect and eliminate the program on their networks.
US and NATO Allies Targeted by Russian Malware
The breadth of the Snake hack is astonishing, with the malware detected on computers in more than 50 countries around the world, many of whom share NATO membership with the US.
In one example, the malware was implanted on a victim within NATO, after which bad actors (as hackers are often called in cyber security circles) were able to access and steal various diplomatic communications, including sensitive documents.
For now, the threat appears to be neutralized. Government agencies say they were able to disable Snake on infected devices using the FBI’s PERSEUS tool, which allows for the overwriting of malware.
‘Russian government actors have used this tool for years for intelligence collection. Snake infrastructure has spread around the world. The technical details will help many organizations find and shut down the malware globally.’ – Rob Joyce, NSA Director of Cybersecurity
Shadowy Turla Group to Blame
While broadly linked to the Russian FSB, the FBI believes that an elite sub-unit within the organization is responsible for spreading Snake. The group is sometimes referred to colloquially as Turla, after the open source hacking toolkit its viruses are based on.
The joint statement – issued by the international Cybersecurity Advisory body, or CSA for short – adds that government networks, research facilities, education organizations, and journalists in particular were targeted by Snake and the FSB hackers who ran it. In addition, critical infrastructure sectors like financial services, manufacturing, and communications were zeroed in on.
Historically, the group and its operatives are also understood to be responsible for a spying campaign against the Department of Defense (DoD) so severe that it led to the establishment of US Cyber Command within the DoD.
Global Malware Spread Highlights Risk to All
The NSA and FBI worked on dismantling the Snake malware with their partners in the CSA, which include the Canadian Cyber Security Center, Australian Cyber Security Centre and UK National Cyber Security Centre.
The fact that Snake slithered its way on to computers that would have had millions of dollars spent on protecting them – it was identified on machines in every continent bar Antarctica – highlights the ongoing risk posed by hackers and why organizations of all shapes and sizes need to take online security so seriously.
While your business might not be able to call on the FBI's arsenal of cybersecurity tools if it finds itself in trouble, there are simple things you can do to up your game like using one of the most secure VPNs when sharing data remotely.