The US Federal Bureau of Investigation (FBI) has neutralized Russian intelligence agency malware used to steal government documents from 50 countries, including North Atlantic Treaty Organization (NATO) allies, over the past 20 years, the Wall Street Journal (WSJ) and CBS reported on the 9th (local time).
The WSJ said the operation cut off the activities of Russia’s leading and oldest cyber espionage group, known for stealing large amounts of American secrets.
The operation, which took place on the 8th, is the latest case in which the FBI has infiltrated Russian or Chinese systems to block cyberattacks. The FBI confirmed that the Turla team was working at an FSB facility in Ryazan near Moscow.
According to an affidavit filed by the FBI in a federal court in Brooklyn, the FBI uncovered long-running cyber espionage activities by a division of the Russian Federal Security Service (FSB) called “Turla.”
The team stole documents from foreign defense ministries, foreign ministries and journalists and transferred them through virus-infected computers in the United States to erase traces. The malware they used is called “Snake”.
FBI agents found Snake-infected computers in Oregon, South Carolina and Connecticut and disabled them permanently, rendering them inoperable.
In what is known as “Operation Medusa,” the FBI used software called “Perseus” to cause Snake to self-destruct.
“A high-tech operation allowed the Russian malware to attack itself and neutralize it,” said US Deputy Attorney General Lisa Monaco.
U.S. officials have confirmed that Snake is Russia’s best espionage tool, and they believe the move will prevent Russian intelligence agencies from recovering Snake.
The Turla team infected a NATO member’s foreign ministry computer with Snake between 2015 and 2017, and the FBI intercepted communications between the infected computer and the US State Department computer to determine that Turla was stealing internal UN and NATO documents.
Meanwhile, the Turla team has been ramping up hacking attacks against Ukraine and its allies in recent months. In this attack, instead of phishing methods such as e-mail infection, the Turla team used a method that was used decades ago, infecting computers with malware by inserting a USB into them. The Turla team also infected the personal computer of an American journalist responsible for reporting on the Russian government.
According to cybersecurity experts, Russia’s Turla team has been active for more than 25 years, including infiltrating secret networks used by defense companies and government agencies, including the US Department of Defense, in the late 1990s.
Source: Donga
Mark Jones is a world traveler and journalist for News Rebeat. With a curious mind and a love of adventure, Mark brings a unique perspective to the latest global events and provides in-depth and thought-provoking coverage of the world at large.