The FBI lets Putin’s elite hackers walk straight into a trap

The FBI has sabotaged and disabled Russia’s most powerful cyber-espionage tool. It is said to have spied on targets in 50 countries. Operation Medusa was preceded by eight years of research.
Oliver Wietlisbach

The FBI has sabotaged and disabled hacking software used by elite Russian spies against Western government agencies and businesses. It is the infamous Snake malware, a cyber-espionage toolkit that has been controlled by the Russian FSB hacker group Turla for nearly two decades. Senior US law enforcement officials announced this on Tuesday.

The removal of the malware was part of the so-called Operation Medusa, which aims to deal the final blow to one of Russia’s leading cyber-espionage programs. “We consider this their primary espionage tool,” said one of the officials. It is hoped that the blow will “wipe the Turla spy group from the virtual battlefield”.

Turla is widely regarded as one of the most advanced hacking groups. An FBI official said the group has been active for two decades against various targets within NATO, US government agencies and technology companies. The group, which the United States says is controlled by the Russian domestic secret service FSB, operated in secrecy for years.

How the US caught up to Putin’s elite hackers

According to court documents, the FBI and intelligence agencies in the US, UK, Canada, Australia and New Zealand have been investigating the Russian Snake malware and its operation for at least eight years, since it was found on the networks of several US organizations in 2015. The cyber experts analyzed how the well-camouflaged malware phones home in encrypted form and how the hacker group downloads the data from infected computer systems unnoticed.

US officials have described Snake as the FSB’s “most sophisticated cyber-espionage tool”. In addition to Windows, it can also infiltrate Linux and macOS. Russia’s domestic intelligence agency used the malware to steal sensitive information from high-level targets, such as government networks, research institutions and journalists.

Once on a computer system, Snake loads additional software modules that allow hackers to exfiltrate confidential data unnoticed through encrypted connections.

The computer systems infected with Snake were not only misused to collect data, but also involuntarily acted as a proxy server or botnet, which was used to hide data traffic from other Snake attacks.

FBI sure: hackers come from Russia

Due to the skilled and careful approach of the hackers, the cyber attacks were largely invisible for many years. But once researchers caught on to the group in 2015, they managed to do more than expose other Snake-infected systems. It was even possible to “locate the malware’s main operations center,” as cybersecurity news service Risky Biz News reports. Accordingly, Snake could be linked to an FSB facility in Ryazan, a city 200 kilometers southeast of Moscow.

The FBI and its partners have now succeeded in paralyzing the hackers’ infrastructure with their own software. The FBI relied on existing search warrants to remotely access the Russian malware on victims’ networks in the US and cut its connection to the hackers in Russia.

A senior FBI official told Reuters that the FBI’s tool was designed solely to bring down Russia’s spy program. It does this without access to the victim’s personal information.

According to authorities, the malware has been found on systems in more than 50 countries. Although the FBI has shut down Snake and authorities in other countries are now being advised on how to remove Snake, the risk to infected computer systems remains high. The FBI warns that the hackers can almost always use a keylogger on infected systems and come back with the stolen credentials, as long as the associated passwords have not been changed.

There was initially no comment from Russia. The Moscow leadership denies regular involvement in cyber espionage.

Source: Watson

Published by
Ella