FBI is releasing Russian malware web that beat partners and journalists computers

May 10, 2023: The Federal Bureau of Investigation disrupted a Russian government-controlled malware network that compromised hundreds of computers belonging to NATO-member governments and other Russian targets of interest, including journalists, the Justice Department said Tuesday.

The disruption effort, called Operation Medusa, took the malware offline on or about May 8.

A unit within Russia’s Federal Security Bureau, the successor to the Soviet Union-era KGB, developed and deployed a malware codenamed Snake as far back as 2004, a federal search warrant request shows. The unit, Turla, used the malware to selectively target high-value devices used by allied foreign ministries and governments.

The software could record every keystroke a victim made, a capacity is known as keylogging, and send it back to Turla’s control centre.

In at least one case, Turla used the Snake malware to infiltrate a personal computer belonging to a journalist at a U.S. media outlet who reported on Russia’s government.

The Justice Department cited Snake’s status as Russia’s “premier long-term cyberespionage malware.” Disrupting the malware was part of an effort by U.S. law enforcement to protect victims around the world.

“We will continue to strengthen our collective defences against the Russian regime’s destabilizing efforts to undermine the security of the U.S. and allies,” Attorney General Merrick Garland stated.

Snake’s targeted capacities fed Russian intelligence vast amounts of information until U.S. law enforcement took down the network on Monday.

The Snake could also snoop and compromise a victim’s Internet activity, inserting itself into the data that a victim’s computer sent online. Turla’s malware was able to operate effectively undetected by victims for nearly two decades, even as federal law enforcement monitored and pursued the Russian intelligence unit behind Snake.

Federal researchers and counterintelligence agents could reverse-engineer Snake and build software to disable the malware. The software was codenamed Perseus and was deployed in a synchronized operation earlier this week with the cooperation of other foreign governments.

“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives,” Deputy Attorney General Lisa Monaco said in a statement.