The US has neutralized the “snake”, the malware used by Russian spies for twenty years

The United States has neutralized “Snake”, malware used for about twenty years by Russian spies to steal sensitive documents in about fifty countries, particularly those belonging to NATO. This was announced by the US Department of Justice on Tuesday, specifying that “Snake” had been covertly installed on hundreds of computers by an FSB unit in order to monitor, among others, members of governments, research centers and journalists. “Russia used sophisticated malware to steal sensitive information from our allies and then smuggled it through a network of infected computers in the United States in a cynical attempt to cover up its crimes,” the U.S. Attorney for the Eastern District of New York, Breon Peace, said in a statement. “This is the most sophisticated long-term operation of any cyberespionage malware.”

The Russian unit in charge of “Snake” is called Turla. It operates within the FSB’s 16th Directorate, the Digital Intelligence Branch, also known as Unit 71330, and is one of the longest-lived, and most innovative, international espionage departments: traces of its hackers reportedly go back to the 1990s. Turla is very dangerous, has operational bases across Russia, and goes after classic targets such as governments, the military, and the defense sector. It has been blamed for several incidents in the past; according to experts, however, most of its activities have never been detected.

That is what happened, at least so far, with Snake, which the Cybersecurity and Infrastructure Security Agency has defined as “the most sophisticated cyberespionage tool in the FSB’s arsenal.” The malware compromised computers and built a kind of “secret” peer-to-peer network out of the infected machines, which could communicate with each other, allowing it to evade counterintelligence and secretly transfer huge amounts of data. Snake was also constantly updated, making it extremely difficult to locate and neutralize.

During the investigation, which dragged on for more than a decade, the agents discovered that the Turla unit used the malware, controlled from Ryazan, Russia, to, among other things, infiltrate the computer of a foreign ministry of a NATO country and access internal documents there, stealing documents of the Confederation and the United Nations, but also to target a journalist dealing with the Russian government for an unspecified American outlet.

The FBI, the agency itself said, first worked to loosen Snake’s control over computers located in the United States, and then expanded Operation Medusa to infected computers in the rest of the world: the agency’s programmers infiltrated the malware and sent it information that conflicted with what it received from its operators, leading it to self-destruct.