NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries

The National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected to Russia’s advanced cyber espionage tool Snake in more than 50 countries around the world.

Several intelligence agencies, including the NSA, FBI, CISA, CNMF, CCCS, NCSC-UK, ACSC, and NCSC-NZ, attributed Snake to a specific unit within Center 16 of Russia’s Federal Security Service (FSB).

The FSB reportedly used Snake to retrieve and exfiltrate sensitive documents related to international relations and diplomatic communications from victims in NATO countries.


Snake infrastructure was identified on every inhabited continent, in countries including the United States and Russia itself, spanning North America, South America, Europe, Africa, Asia and Australia.

In the United States, the FSB targeted industries including education, small businesses, media, local government, finance, manufacturing and telecommunications, according to the joint advisory the agencies released on Tuesday. At these victims Snake was installed on external-facing infrastructure nodes, which the operators then used to stage further exploitation.

“Russian government officials have been using this tool for intelligence gathering for years,” commented Rob Joyce, the NSA’s director of cybersecurity. “Snake’s infrastructure spans the globe. Technical details help many organizations find and shut down malware worldwide.”

Tom Kellermann, SVP of Cyber Strategy at Contrast Security, called the operation a “historic blow” to Russia’s cyber espionage apparatus.

“The Justice Department has taken off its gloves, and this disruption serves as a precursor to more aggressive actions to come,” Kellermann added.

KnowBe4’s data-driven defense evangelist Roger Grimes, however, offered a more measured view of the takedown.

“For the past decade or so, law enforcement has taken down similar bots by infiltrating networks and command-and-control servers. It was a limited and temporary disruption until we were able to set up another botnet.”

Nonetheless, such disruptions can sometimes lead to the complete dismantling of a botnet, where the malicious infrastructure is effectively neutralized and the operators are prevented from standing up new infrastructure. This appears to have been the case, for example, with the takedown of the Hive ransomware group in January.
