US-led ‘Five Eyes’ alliance dismantled Russia’s ‘premier espionage cyber-tool’

AN ESPIONAGE TOOL DESCRIBED by Western officials as the most advanced in the Russian cyber-arsenal has been neutralized after a 20-year operation by intelligence agencies in the United States, Australia, Canada, the United Kingdom and New Zealand. The operation targeted Turla, a hacker group that cyber-security experts have long associated with the Russian government.

Turla is believed to be made up of officers from Center 16, a signals intelligence unit of Russia’s Federal Security Service (FSB), one of the Soviet-era KGB’s successor agencies. Since its appearance in 2003, Turla has used a highly sophisticated malware dubbed ‘Snake’ to infect thousands of computer systems in over 50 countries around the world. Turla’s victims include highly sensitive government computer networks in the United States, including those of the Department of Defense, the National Aeronautics and Space Administration, and the United States Central Command.

The Snake malware has also been found in computers of privately owned firms, especially those belonging to various critical infrastructure sectors, such as financial services, government facilities, electronics manufacturing, telecommunications and healthcare. For over two decades, the Snake malware used thousands of compromised computers throughout the West as nodes in complex peer-to-peer networks. By siphoning information through these networks, the Turla hackers were able to mask the location from where they launched their attacks.

On Tuesday, however, the United States Department of Justice announced that the Federal Bureau of Investigation (FBI), along with its counterparts in the United States-led ‘Five Eyes’ intelligence-sharing alliance, had managed to dismantle Snake. This effort, codenamed Operation MEDUSA, was reportedly launched nearly 20 years ago with the goal of neutralizing the Snake malware. In the process, Five Eyes cyber-defense experts managed to locate Turla’s facilities in Moscow, as well as in Ryazan, an industrial center located about 120 miles southeast of the Russian capital.

The complex cyber-defense operation culminated with the development of an anti-malware tool that the FBI dubbed PERSEUS. According to the Department of Justice’s announcement, PERSEUS was designed to impersonate the Turla operators of Snake. In doing so, it was able to take over Snake’s command-and-control functions. Essentially, PERSEUS hacked into Snake and instructed the malware to self-delete from the computers it had compromised. As of this week, therefore, the worldwide peer-to-peer network that Snake had painstakingly created over two decades has ceased to exist, as has Snake itself.

Author: Joseph Fitsanakis | Date: 11 May 2023 | Permalink

3 Responses to US-led ‘Five Eyes’ alliance dismantled Russia’s ‘premier espionage cyber-tool’

  1. Well done the DoJ. I often wonder what would have happened if the DoJ had not stepped in a few years back and stopped Bezos’ $10 billion deal with the DoD going ‘live’ direct to Moscow. There’s a story to be told there, eventually.

  2. Speedy Gonzales says:

    Viva la NSA! Another win for Western intelligence against Putin’s forces of evil.

  3. 1984 says:

    Really Joseph, surely you could have dropped a “and the snake that the Russians had spent 20 years creating was made to consume itself, the snake eating the snake…..”

    Something like that.
