The U.S. and allied countries have foiled a vast Russian hacking operation that has been spying on its adversaries for about 20 years, the Justice Department announced.
Law enforcement agencies have penetrated a global network of computers infected with malicious software that the US says Russia’s federal intelligence service used to spy on computers in at least 50 countries, including governments that are members of the North Atlantic Treaty Organization, the Justice Department said on Tuesday.
“The Department of Justice, together with our international partners, dismantled a global network of computers infected with malware that the Russian government used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” Attorney General Merrick Garland said in a statement.
The operations disabled the so-called Snake malware on compromised computers by using a tool developed by the FBI called PERSEUS, which issued commands to overwrite the malware, according to the US.
The Federal Bureau of Investigation, National Security Agency, Cybersecurity and Infrastructure Security Agency, US Cyber Command and six other intelligence and cybersecurity agencies from allied governments issued a joint advisory on Tuesday with technical information about Snake malware to help cybersecurity professionals detect and remove the malware from their networks.
The FBI attributed the Snake espionage malware implant to Turla, an elite Russian hacking unit that spends hours profiling victims, often using USB sticks to spread the malware, according to cybersecurity company Mandiant, a unit of Google Cloud.
Mandiant said in a January report that it had recently observed suspicious Turla activity in Ukraine for the first time since Russia’s invasion of Ukraine.
John Hultquist, who runs threat intelligence at Mandiant, said the Turla group has successfully pursued high-value intelligence targets for decades, including a surveillance campaign against the US Defense Department that helped launch the US Cyber Command in response to extraordinary hacks.
“Most of them stay under the radar; they avoid the limelight at all costs,” Hultquist said, adding that the group has historically taken great care to keep its operations anonymous and that its operations are rarely seen. “They have created highly sophisticated intrusions designed to go unnoticed.”
The FBI, which says it has been investigating Turla for more than a decade, obtained a court search warrant that allowed remote access to the compromised computers.
The FBI said in a statement that it has provided notice of the court-authorized operation to all owners or operators of computers remotely accessed as a result of the search warrant.
In an unrelated move, the Justice Department announced in 2021 that it had conducted a court-authorized operation to copy and remove malicious code from hundreds of vulnerable US computers.
“That approach is somewhat controversial but these are difficult problems and the solutions need to be creative,” Hultquist said. “These are not run-of-the-mill threats.”
Copyright 2023 Bloomberg.