April 24, 2024
FBI takes down Russian computer malware network that attacked NATO nations, journalists
Operation Medusa took down Snake, a malware network built by a Russian intelligence unit to infiltrate high-value targets around the world.

Taxis move past the headquarters of Russia’s Federal Security Service, known as the FSB, in central Moscow, May 12, 2022.

Natalia Kolesnikova | Afp | Getty Images

The Federal Bureau of Investigation disrupted a Russian government-controlled malware network that compromised hundreds of computers belonging to NATO-member governments and other Russian targets of interest, including journalists, the Justice Department said Tuesday.

The disruption effort, called Operation Medusa, took the malware offline “on or about May 8,” the department said.

A unit within Russia’s Federal Security Service, or FSB, successor to the Soviet-era KGB, developed and deployed a malware codenamed Snake as far back as 2004, a federal search warrant request shows. The unit, called Turla, used the malware to selectively target high-value devices used by allied foreign ministries and governments.

The software was able to record every keystroke a victim made, a capacity known as keylogging, and send it back to Turla’s control center.

In at least one case, Turla used the Snake malware to infiltrate a personal computer belonging to a journalist at a U.S. media outlet who reported on Russia’s government, the Justice Department said.

The department said Snake was Russia’s “premier long-term cyberespionage malware” and disrupting it was part of an effort by U.S. law enforcement to protect victims around the world.

“We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies,” Attorney General Merrick Garland said in a statement.

Snake’s targeted capacities fed Russian intelligence huge amounts of information until U.S. law enforcement took down the network, the Justice Department said.

Snake was also able to snoop and compromise a victim’s internet activity, inserting itself into the data that a victim’s computer sent online. Turla’s malware was able to operate effectively undetected by victims for nearly two decades, even as federal law enforcement monitored and pursued the Russian intelligence unit behind Snake, the Justice Department said.

Federal researchers and counterintelligence agents were able to reverse-engineer Snake and build software that would disable the malware. The software was codenamed Perseus and was deployed in a synchronized operation earlier this week with the cooperation of other foreign governments.

“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives,” Deputy Attorney General Lisa Monaco said in a statement.

Correction: This story has been updated to reflect that Russia’s successor to the Soviet-era KGB is the Federal Security Service. A previous version misnamed the agency.