Operation Medusa: US shuts down Russian cyber-espionage Snake network

May 10, 2023 Rob Abruzzese
Share this:

The United States Justice Department announced the successful completion of a court-authorized operation, dubbed Operation MEDUSA, which claims to have successfully disrupted a global peer-to-peer network of computers infected by the sophisticated Snake malware.

This malware, attributed to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB), has been used for nearly two decades to steal sensitive documents from hundreds of computer systems in at least 50 countries, including NATO member governments, journalists, and other targets of interest to the Russian Federation.

“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes,” said Breon Peace, U.S. Attorney for the Eastern District of New York.

News for those who live, work and play in Brooklyn and beyond

“Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies. The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”

The FBI, working in collaboration with the U.S. Attorney’s Office for the EDNY and multiple foreign governments, neutralized the FSB’s premier cyberespionage malware implant using an FBI-created tool called PERSEUS. This tool effectively disabled the Snake malware on compromised computers, causing it to overwrite its own vital components.

Attorney General Merrick Garland highlighted the collaborative effort of the Justice Department and international partners in dismantling this global malware network.

The FBI and other U.S. agencies, along with six other intelligence and cybersecurity agencies from each of the Five Eyes member nations, have issued a joint cybersecurity advisory providing detailed technical information about the Snake malware. This information will enable cybersecurity professionals worldwide to detect and remediate Snake malware infections on their networks.

While Operation MEDUSA successfully disabled the Snake malware on compromised computers, victims are encouraged to take additional steps to protect themselves from further harm. The Department of Justice strongly recommends network defenders review the joint advisory for guidance on detection and patching.

The criminal investigation into the FSB’s use of the Snake malware is ongoing, with the U.S. Attorney’s Office for the Eastern District of New York and the National Security Division’s Counterintelligence and Export Control Section leading the efforts.

Leave a Comment

Leave a Comment