The Justice Department announced Tuesday that it successfully disrupted a nearly 20-year-old digital espionage network operated by the Russian government.
That network was run by a Russian spy unit known as “Turla,” a unit of Russia’s Federal Security Service (FSB), which federal officials said built and operated the “Snake” malware. The implant was designed to collect and relay sensitive documents and related files from hundreds of computers across at least 50 countries, including the United States. Snake targeted NATO member governments’ computers as well as “the personal computer of a journalist for a U.S. news media company who has reported on the government of the Russian Federation,” according to an FBI affidavit.
Authorities said in a press release that Snake was “Turla’s most sophisticated long-term cyberespionage malware implant.”
The FBI created its own piece of software, dubbed “Perseus,” which would cause “the Snake malware to overwrite its own vital commands,” disabling it on infected computers in the U.S. The department cautioned that disabling the implant does not by itself patch the vulnerabilities Turla exploited or remove any other tools the group may have left on a victim’s network, so affected organizations still need to take additional remediation steps.
“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives,” Deputy Attorney General Lisa O. Monaco said in a statement.
Over the last 20 years, Snake was constantly updated and could run on Windows, Mac, or Linux machines, authorities said.
The announcement, according to Politico, marks just the third time that the Justice Department has used a so-called “Rule 41” warrant, a search and seizure warrant under the amended Rule 41 of the Federal Rules of Criminal Procedure that lets a single judge authorize remote access to computers located outside that judge’s district, in order to deploy America’s own digital countermeasures.
That rule change was first proposed in 2014 and formally approved by the Supreme Court in 2016. (Last year, the Justice Department announced a similar Rule 41-authorized disruption of a Russian government botnet, following an earlier operation in 2018.)
In addition to the Tuesday press release, federal authorities also unsealed and published the search and seizure warrant affidavit signed by an FBI agent, asking a judge to authorize the deployment of Perseus. A magistrate judge in Brooklyn, New York, authorized that warrant on May 4.
The affidavit also states that Snake’s operators have compromised “specific computers, sometimes for years at a time.”
Additionally, the National Security Agency, together with the FBI, CISA and partner agencies in allied countries, put out a joint “Cybersecurity Advisory” with technical details to help organizations detect and remove Snake infections on their own networks.
“Russian government actors have used this tool for years for intelligence collection,” said Rob Joyce, NSA Director of Cybersecurity, in a statement. “Snake infrastructure has spread around the world. The technical details will help many organizations find and shut down the malware globally.”