How Washington Decapitated Snake, the Malware That "Rolled" Russian FSB Cyberspies

It has haunted the nights of the counterintelligence services of the United States and its allies for more than twenty years. Snake, a malware believed to be the Russian FSB’s main cyber-espionage tool, has been put out of harm’s way, the FBI said Tuesday, May 9.

“The Justice Department, along with our international partners, has shut down a global network of malware-infected computers that the Russian government has been using for almost two decades in its cyberespionage campaigns, including against our NATO allies,” summarized Merrick Garland, the US Attorney General, in a press release.

Medusa vs. Snake

Nicknamed “Medusa”, this operation coordinated by the FBI made it possible to identify thousands of computers in fifty countries that the FSB was spying on remotely through Snake.

In fact, this malware works “like a digital implant that is installed on the compromised computer system, allowing it to be taken over remotely,” summarizes Benoît Grunemwald, a cybersecurity expert at Slovakian company Eset.

But not just any digital “implant”. The FSB has had 20 years to perfect and update it in order to stay ahead of other countries’ counterintelligence services, at least until now. “When its existence became known to the general public in 2014, we found that it had already been in use in 43 countries for years and that it was a real Rolls-Royce of state spyware at the time,” emphasizes cybersecurity researcher Pierre Delcher of the Russian company Kaspersky.

A real revelation for part of the cyber community at the time: a state actor, not yet linked to the FSB, had a significant lead in turning cyberspace into a giant playground for spies.

The Heart of Military Unit 71330

As early as 2013, according to the FBI, Snake was “one of the most sophisticated pieces of malware in the world”. “Its greatest strength was and is its camouflage,” assures Benoît Grunemwald. It is virtually undetectable on the computers it infects and blends seamlessly into legitimate programs. In addition, “it is very good at disguising its communications with its remote operators when it sends out the information recovered from the victims’ computers”, specifies Pierre Delcher.

These assets made Snake the centerpiece of FSB military unit 71330. Directly controlled by the Kremlin’s secret agents, this hacking cell uses it against high-value targets.

Snake allowed the FSB to spy on several embassies from NATO countries, state administrations in a dozen states, media groups in the USA, and companies in the pharmaceutical and energy sectors.

No wonder, then, that secret services around the world have been conducting a giant snake hunt for the past ten years. “They have repeatedly managed to detect and counter operations carried out with Snake, without ever completely neutralizing it,” emphasizes Gérôme Billois, cybersecurity expert at Wavestone.

The difference this time is that Operation Medusa “allowed the deactivation of part of the infrastructure that makes this spyware usable,” assures Gérôme Billois. In other words, the authorities have neutralized a large part of the Snake network.

To achieve this, they had Snake bite its own tail. The FBI and its partners took control of infected computers and, from there, sent commands through the servers controlled by the Russian spies to disable the network. “It’s a bit as if they asked Snake to self-destruct,” summarizes Gérôme Billois.

Warning in Moscow

“It’s a blow to the FSB, but it should be able to recover,” say the experts polled by France 24. “Nobody was arrested, which means that the FSB still has the brains that guided it,” Gérôme Billois specifies.

No doubt these cyber-espionage experts will get to work getting their network back on its feet. “This operation should slow down espionage campaigns against important targets by several months,” estimates Benoît Grunemwald.

The FSB likely has other tricks up its sleeve. “This actor has known for at least ten years that everyone is trying to neutralize this threat; it has had time to work on alternatives,” notes Pierre Delcher.

Finally, “this victory for the FBI and its allies will not give them a huge operational advantage over Russia,” judges Gérôme Billois. But perhaps the important thing lies elsewhere: “For Washington to snub Moscow’s spies the day after the May 9 celebrations in Moscow [the national holiday marking the Soviet victory over Nazi Germany in 1945, editor’s note] is probably not trivial,” the expert points out.

In the midst of the war in Ukraine, this is a way for Washington to convince Russia that “legally” [they obtained court warrants for each step of Operation “Medusa”, editor’s note] and thanks to international cooperation, “we have managed to understand and master the most sophisticated tool in the arsenal of Russian cyberspies,” concludes Pierre Delcher. In effect, this operation lets Washington signal to Moscow that even the FSB’s top secrets are not safe from Washington’s big ears.