U.S. Says It Dismantled Russia’s ‘Most Sophisticated’ Malware Network

WASHINGTON — The United States and its allies have dismantled a major cyberespionage system that it said Russia’s intelligence service had used for years to spy on computers around the world, the Justice Department announced on Tuesday.

In a separate report, the Cybersecurity and Infrastructure Security Agency portrayed the system, known as the “Snake” malware network, as “the most sophisticated cyberespionage tool” in the Federal Security Service’s arsenal, which it has used to surveil sensitive targets, including government networks, research facilities and journalists.

The Federal Security Service, or F.S.B., had used Snake to gain access to and steal international relations documents and other diplomatic communications from a NATO country, according to CISA, which added that the Russian agency had used the tool to infect computers across more than 50 countries and inside a range of American institutions. Those included “education, small businesses and media organizations, as well as critical infrastructure sectors including government facilities, financial services, critical manufacturing and communications.”

Top Justice Department officials hailed the apparent demise of the malware.

“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyberespionage tools, used for two decades to advance Russia’s authoritarian objectives,” Lisa O. Monaco, the deputy attorney general, said in a statement.

The CISA report said Snake was designed in a way that allowed its operators to easily incorporate new or upgraded components, and worked on computers running the Windows, Macintosh and Linux operating systems.

The court documents also sought to delay notifying people whose computers would be accessed in the operation, saying it was imperative to coordinate dismantling Snake so the Russians could not thwart or mitigate it.

“Were Turla to become aware of Operation Medusa before its successful execution, Turla could use the Snake malware on the subject computers and other Snake-compromised systems around the world to monitor the execution of the operation to learn how the F.B.I. and other governments were able to disable the Snake malware and harden Snake’s defenses,” Special Agent Forry added.

Source link

Leave a Reply

Your email address will not be published.