What Happened?
Today, May 9, 2023, the US Justice Department announced that it has disrupted
a long-running Russian cyberespionage campaign. The campaign infected computer
networks in many countries, including the United States, and the hackers used
it to steal sensitive information from governments.
Who Did It?
The spying operation was linked to a unit of Russia's
Federal Security Service (FSB). The hackers stole documents from hundreds of
computer systems belonging to governments of NATO members, an unidentified
journalist for a US news organization who reported on Russia, and other select
targets of interest to the Kremlin.
What Did the US Justice Department Say?
The US Justice Department said that the FSB has relied on
the Snake malware to conduct cyberespionage against the United States and its
allies for 20 years. The specific targets were not named in court papers, but
the affected networks were in more than 50 countries. US officials described
the espionage campaign as "very consequential," saying the hackers
had successfully exfiltrated sensitive documents from NATO countries.
What Did the Hackers Do?
The hackers used malicious software known as Snake to
steal data from foreign governments. They routed the stolen data through
compromised computers in the US as a way to cover their tracks. They operated
from a known FSB facility in Ryazan, Russia.
Who Was Affected?
The sectors targeted by the hacking included government
organizations, defense-related organizations, and companies developing
cryptographic hardware. Affected countries spanned Europe, Australia, parts of
Asia, and North and South America.
What Is Snake?
The Snake implant is considered the most sophisticated
cyber espionage tool designed and used by Center 16 of Russia’s Federal
Security Service (FSB) for long-term intelligence collection on sensitive
targets. To conduct operations using this tool, the FSB created a covert
peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many
systems in this P2P network serve as relay nodes which route disguised
operational traffic to and from Snake implants on the FSB’s ultimate targets.
Snake’s custom communications protocols employ encryption and fragmentation for
confidentiality and are designed to hamper detection and collection efforts.
What Did the US Justice Department Do?
Acting under a warrant issued by a federal judge in Brooklyn, the US Justice
Department launched a high-tech operation that used a specialized tool called
Perseus to cause the malware to effectively self-destruct. Federal officials
said they were confident that the FSB would not be able to reconstitute the
malware implant.
Sources and Additional Information:
https://news.yahoo.com/us-busts-russian-cyber-operation-150254322.html
https://www.cbsnews.com/news/fbi-takes-down-20-year-old-russian-malware-network