The FBI has found a way to shut down the Snake malware network. According to the US, that malware comes from the Russian FSB and has been used for almost twenty years to try to steal sensitive data, among other things.
The US Department of Justice obtained court approval on Monday to shut down the infrastructure behind the Snake malware. The FBI then remotely deployed a tool it developed itself, Perseus, to eight compromised computers in the US, the agency said during a press conference, as The Register among others reports. That tool sends commands to the Snake malware and causes it to self-destruct.
The FBI says it is working with local authorities in other countries to report Snake infections and provide advice on how to remedy them. In addition, the US, together with Canada and Australia among others, has published an extensive document explaining how governments themselves can detect and clean up Snake infections.
The US states that the Snake malware has been used since 2004. It reportedly infected "hundreds of computers" in more than fifty countries, including several NATO countries, the US says. The malware is said to have been used to steal sensitive documents. In the US, the malware is also said to have been used against educational institutions, small businesses and media organizations.
The malware comes from the Russian cyber espionage group Turla, which the US says is affiliated with the Russian Federal Security Service, the FSB. Turla's activities reportedly originate from an FSB facility. The FBI calls this malware "the security agency's most important espionage tool."
The tool operates over a peer-to-peer network in which the infected computers act as relay nodes, passing the stolen data from computer to computer. The malware thus not only exfiltrated data but also allowed the compromised computers to communicate with each other. In addition, special encrypted communication protocols were used that made the malware's activity difficult to detect. It took the FBI several years to track Snake's network traffic and decrypt its communication protocols.