The National Security Agency (NSA) and several international partner agencies have discovered infrastructure connected to the sophisticated Russian cyber-espionage tool Snake in more than 50 countries around the world.
Several intelligence agencies, including the NSA, FBI, CISA, CNMF, CCCS, NCSC-UK, ACSC and NCSC-NZ, have attributed Snake's operations to a specific unit within Center 16 of Russia's Federal Security Service (FSB).
The FSB operators used Snake to collect and exfiltrate sensitive documents relating to international relations and diplomatic communications from a victim located in a NATO country.
The international coalition has identified Snake infrastructure on several continents, including North America, South America, Europe, Africa, Asia and Australia, with infected nodes in the United States and in Russia itself.
According to the advisory released by the agencies on Tuesday, the FSB has targeted several US sectors, including education, small business, media, local government, finance, manufacturing and telecommunications. Snake is typically deployed on a victim's external-facing infrastructure nodes, which then serve as a foothold for further exploitation of the internal network.
“Russian government actors have used this tool for years for intelligence gathering,” said Rob Joyce, the NSA’s director of cybersecurity. “Snake’s infrastructure has spread worldwide. The technical details will help many organizations find and shut down the malware globally.”
Tom Kellermann, vice president of cyber strategy at Contrast Security, called the operation a “historic blow” for the Russian cyberespionage apparatus.
“The Department of Justice has taken the gloves off, and this disruption serves as a harbinger of more aggressive actions to come,” Kellermann added.
However, Roger Grimes, data-driven defense evangelist at KnowBe4, took a more measured view of the operation.
“Over the past decade or so, law enforcement has done similar bot takedowns by infiltrating the network or command and control servers. It’s a great strategy, though in some cases it only resulted in limited and temporary disruption until the bad guys could set up new, different botnets.”
However, these disruptions have sometimes led to the complete dismantling of a botnet, crippling the malicious infrastructure so thoroughly that the perpetrators have not been able to rebuild it. This appeared to be the case, for example, with the takedown of the Hive ransomware group’s infrastructure in January.
Ikaroa, a full-stack technology company, has taken note of the recent advisory published by the United States’ National Security Agency (NSA) reporting that it and its allied cyber intelligence partners have uncovered a vast global network of Russian-operated malware known as Snake. This activity has affected more than 50 countries around the world, and experts believe it could account for a very large volume of stolen data and information.
The Snake malware is believed to have been used for espionage, primarily targeting government and military networks in countries such as the United States, Canada and the United Kingdom, as well as in the Middle East and Asia. It has also been suggested that it could be used for cyber warfare, damaging or disabling critical networks, although the agencies’ advisory characterizes Snake as a long-term intelligence-collection tool.
In light of this news, Ikaroa is committed to ensuring the security and integrity of our products, services and platforms. Our team is dedicated to investing in innovative solutions that protect customers against cyberattacks, and our security protocols are continually reviewed and updated so that we remain ahead of the curve. We know how destructive and intrusive cyberattacks can be, and we are committed to providing the highest level of cybersecurity possible to protect customers against malicious activity.