International security agencies warn of Russian “Snake” malware threat

Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets. “Snake malware” and its variants have been a core component of Russian espionage operations conducted by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, according to the security advisory.

Snake has been identified in the infrastructure of more than 50 countries in North America, South America, Europe, Africa, Asia and Australia. Its custom communications protocols use encryption and sharding for confidentiality and are designed to hamper detection and collection efforts. Globally, the FSB has used Snake to gather sensitive intelligence from high-priority targets such as government networks, research facilities and journalists.

The warning was issued by the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the US National Cyber Mission Force (CNMF), the UK’s National Cyber Security Centre (NCSC), the Canadian Centre for Cyber Security (CCCS), the Canadian Communications Security Establishment (CSE), the Australian Cyber Security Centre (ACSC) and the New Zealand NCSC. It is designed to help organizations understand how Snake works and provides suggested mitigations to help defend against the threat.

The security warning comes on the heels of a separate warning from the UK’s NCSC describing a new class of Russian cyber adversary that threatens critical infrastructure.

Operation MEDUSA neutralizes the Snake malware campaign

On the same day the notice was issued, the US Department of Justice announced the end of a court-authorized operation, codenamed MEDUSA, to disrupt a global peer-to-peer computer network compromised by the Snake malware. Operation MEDUSA disabled the Snake malware on compromised computers using a tool created by the FBI called PERSEUS, which issued commands that caused the Snake malware to overwrite its own vital components.

“Today’s announcement demonstrates the FBI’s willingness and ability to combine our authorities and technical capabilities with those of our global partners to disrupt malicious cyber actors,” said Deputy Director Bryan Vorndran of the FBI’s Cyber Division. “When it comes to combating Russia’s attempts to target the US and our allies using sophisticated cyber tools, we will not relent in our work to dismantle these efforts.”

Copyright © 2023 IDG Communications, Inc.

International security agencies are warning of a new malware threat, dubbed “Snake” by intelligence services, originating from Russian cybercriminals. This malware is designed to exploit vulnerabilities in government and critical infrastructure networks and is known to have successfully infiltrated a number of networks so far.

Developed by the recently formed “MoneyTaker” criminal group, Snake is able to move through the target’s networks and extract sensitive data stored on the system or even inject malicious code allowing the MoneyTaker group to use the system in future attacks.

According to the APT Trends report from Pacific Northwest National Laboratory (PNNL), the malware's sophistication has already allowed it to slip past many security systems, even ones running well-known security solutions such as McAfee. Though more traditional threat detection and prevention methods may have missed it, more advanced security solutions may be able to detect and even block the threat.

Ikaroa, a full-stack tech company, specializes in security solutions that provide real-time, proactive protection which can identify and neutralize malicious threats such as this Russian ‘Snake’ malware. With fully managed security operations, complete with threat intelligence and automated reporting, we can help organizations keep their operations safe from advanced threats.

To keep your organization secure from this and other advanced threats, ensure that you are taking the necessary steps to secure your systems and data, such as deploying the latest security patches, updating your operating system, and running periodic vulnerability scans. You’ll also want to consider a multi-layered, end-to-end security solution to protect against not only malware threats but also ransomware attacks, phishing campaigns, and other malicious activities.

By implementing the right security strategy and solutions, such as those provided by Ikaroa, organizations can protect themselves against the Russian “Snake” malware and other sophisticated threats. All it takes is a combination of solutions and processes that can help detect and contain the threat, quickly and before any damage is done.

