RUSSIAN SECURITY AGENTS HAVE BEEN USING A SECRET NETWORK OF CORRUPTED COMPUTERS TO SPY ON NATO FOR DECADES, BUT THE US JUST BUSTED IT OPEN, FEDS SAY
Jake Epstein
May 9, 2023
Insider
US authorities cracked open a secret network of compromised computers that Russian security agents built and have been using to spy on NATO members for years, the Justice Department revealed on Tuesday.
The FBI managed to disrupt a global network of computers that had been compromised by a “sophisticated malware” known as “Snake,” the Justice Department said in a statement. To do this, the agency carried out a court-authorized operation to disable Snake on compromised computers by using a tool that instructed the malware to destroy itself.
For nearly two decades, a unit within Russia’s Federal Security Service (FSB) — successor to the Soviet-era KGB — has used Snake to target and steal sensitive documents from computer systems in dozens of countries across the world, including NATO members, the Justice Department said.
“We consider Snake to be the most sophisticated cyber espionage tool in the FSB’s arsenal,” the Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory on Tuesday. “Globally, the FSB has used Snake to collect sensitive intelligence from high-priority targets, such as government networks, research facilities, and journalists.”
CISA detailed one specific case where FSB agents managed to use Snake to “access and exfiltrate sensitive international relations documents, as well as other diplomatic communications” through a victim in an unspecified NATO country. Within the US, the FSB has “victimized” several sectors, including government facilities, critical manufacturing, financial services, education, media organizations, and small businesses, the advisory said.
According to an FBI affidavit, the agency worked with US intelligence partners and foreign governments to investigate how Snake worked. The FSB used Snake to pull data from sensitive computer systems — including those run by NATO governments — and route the data through compromised systems in the US before it was transmitted back to Russia. Doing so made it difficult for victims to uncover how the network was connected.
Eventually, through its analysis of Snake, the FBI developed an ability to decode and decrypt Snake’s communications, the Justice Department said. The FBI then created a tool called Perseus, which could communicate with Snake on a specific system and use commands to force the malware to essentially self-destruct.
“Russian government actors have used this tool for years for intelligence collection,” said Rob Joyce, the National Security Agency’s director of cybersecurity, in a statement. “Snake infrastructure has spread around the world. The technical details will help many organizations find and shut down the malware globally.”
Top Justice Department officials praised the FBI’s ability to neutralize the FSB’s network.
“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” Attorney General Merrick Garland said in a statement.
“We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies,” he continued.