How the US dismantled a malware network used by Russian spies to steal government secrets

The U.S. government said it has disrupted a long-running Russian cyber espionage campaign that stole sensitive information from the U.S. and NATO governments, an operation that took the feds almost 20 years.

The Justice Department announced on Tuesday that an FBI operation successfully dismantled the “Snake” malware network used by Turla, a notorious hacking group long affiliated with Russia’s Federal Security Service (FSB). Turla was previously linked to cyberattacks targeting U.S. Central Command, NASA, and the Pentagon.

U.S. officials describe Snake as the “most sophisticated cyber espionage tool in the FSB’s arsenal”.

The DOJ and its global partners identified the Snake malware in hundreds of computer systems in at least 50 countries. Prosecutors said the Russian spies behind the Turla group used the malware to target NATO member states — and other targets of the Russian government — as far back as 2004.

In the United States, the FSB used its sprawling network of Snake-infected computers to target industries including education, small businesses and media organizations, along with critical infrastructure sectors including government facilities, financial services, manufacturing and communications. The FBI said it obtained information indicating that Turla had also used Snake malware to target the personal computer of a journalist at an unnamed U.S. news media company who had reported on the Russian government.

Prosecutors added that Snake persists on a compromised computer “indefinitely,” despite efforts by the victim to neutralize the infection.

After stealing sensitive documents, Turla exfiltrated this information through a covert peer-to-peer network of Snake-compromised computers in the U.S. and other countries, the DOJ said, making the network’s presence harder to detect.

From Brooklyn to Moscow

According to the FBI’s affidavit, U.S. authorities monitored the malware’s spread for several years, along with the Turla hackers who operated Snake from FSB facilities in Moscow and the nearby city of Ryazan.

The FBI said it developed a tool called “Perseus” — the Greek hero who slew monsters — that allowed its agents to identify network…