DOJ and Five Eyes Coalition Triumph over Turla: Russian Cyber-Espionage Network Dismantled Amid Concerns for Global Cybersecurity

Will Young

In a landmark victory for global cybersecurity, the U.S. Department of Justice (DOJ), alongside the intelligence agencies of the Five Eyes alliance, has successfully disrupted the cyber-espionage activities of Turla, a notorious cybercrime group linked to Russia. Turla, known for its advanced cyber-espionage techniques, has been a persistent thorn in the side of international cyber defense.

The announcement came on Tuesday when federal officials reported that the cyber infrastructure supporting the Snake malware, a tool utilized by Russia’s Federal Security Service (FSB), had been dismantled. This malware was regarded as one of the most sophisticated cyber-espionage tools used by the Russian intelligence services, having infiltrated computers across 50 countries.

Snake was predominantly deployed for extracting sensitive diplomatic communications and international relations documents. Its victims extended beyond a NATO country to include several sectors within the U.S., namely education, small businesses, media organizations, and even critical infrastructures like local government, finance, manufacturing, and telecommunications.

The extensive damage caused by this aging malware took many cybersecurity experts by surprise. Despite its age – the Snake backdoor framework was developed in 2003 – the FSB continued to employ it, attesting to its efficacy and the significant resources spent in its development.

As Assistant Attorney General Matthew G. Olsen of the DOJ’s National Security Division stated, “For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies — that ends today.” However, this victory should not make us complacent. Frank van Oeveren, manager of Threat Intelligence & Security Research at Fox-IT, part of NCC Group, cautioned against underestimating the group behind Snake, particularly due to their persistence and inventiveness.

The Snake backdoor is exclusively used against high-profile targets, serving espionage purposes while remaining undetected for as long as possible. Its sophistication was such that it managed to remain unnoticed for years during a previous incident response case.

Going forward, the group will likely persist, potentially with a different framework. Given the Russian intelligence services' proclivity for building multiple backdoors in different programming languages, a similar toolkit can be expected.

Victims of Snake are strongly advised to collaborate with established incident response firms due to the sophistication of the attacks and the backdoor usage.

Furthermore, organizations can proactively safeguard themselves from such malware attacks by implementing robust security measures. These include maintaining an accurate inventory of assets, updating and patching systems regularly, running simulated phishing campaigns and user awareness training, and implementing stringent access controls.

The disruption of the Snake malware network provides a valuable lesson. Even a single unpatched system or a single untrained user clicking a phishing link can compromise an entire organization. Therefore, attention must be given to securing any potential weak links.

International cooperation remains key in combating global cybercrime. The successful takedown of a vast network operated by a state-level security agency demonstrates the power of collective action. Geopolitical issues can impede such collaboration, but victories like this prove that those hurdles can be overcome, leading to substantial progress in the battle against global cyber threats.
