U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide

[[correlate]]

Content source

https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3389044/us-agencies-and-allies-partner-to-identify-russian-snake-malware-inf

FORT MEADE, Md. - The National Security Agency (NSA) and several partner agencies have identified infrastructure for Snake malware—a sophisticated Russian cyberespionage tool—in over 50 countries worldwide.
To assist network defenders in detecting Snake and any associated activity, the agencies are publicly releasing the joint Cybersecurity Advisory (CSA), “Hunting Russian Intelligence “Snake” Malware” today.
The agencies, which include the NSA, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Cyber National Mission Force (CNMF), Canadian Cyber Security Centre (CCCS), United Kingdom National Cyber Security Centre (NCSC-UK), Australian Cyber Security Centre (ACSC), and New Zealand National Cyber Security Centre (NCSC-NZ) attribute Snake operations to a known unit within Center 16 of Russia’s Federal Security Service (FSB). The international coalition has identified Snake malware infrastructure across North America, South America, Europe, Africa, Asia, and Australia, including the United States and Russia.
“Russian government actors have used this tool for years for intelligence collection,” said Rob Joyce, NSA Director of Cybersecurity. “Snake infrastructure has spread around the world. The technical details will help many organizations find and shut down the malware globally.”

U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwid

The National Security Agency (NSA) and several partner agencies have identified infrastructure for Snake malware—a sophisticated Russian cyberespionage tool—in over 50 countries worldwide.

www.nsa.gov

 

[LASER_oneXM]

FBI nukes Russian Snake data theft malware with self-destruct command

Cybersecurity and intelligence agencies from all Five Eyes member nations took down the infrastructure used by the Snake cyber-espionage malware operated by Russia's Federal Security Service (FSB).

www.bleepingcomputer.com

Cybersecurity and intelligence agencies from all Five Eyes member nations took down the infrastructure used by the Snake cyber-espionage malware operated by Russia's Federal Security Service (FSB).

The development of the Snake malware started under the name "Uroburos" in late 2003, while the first versions of the implant were seemingly finalized by early 2004, with Russian state hackers deploying the malware in attacks immediately after.

The malware is linked to a unit within Center 16 of the FSB, the notorious Russian Turla hacking group, and was disrupted following a coordinated effort named Operation MEDUSA.
Among the computers ensnared in the Snake peer-to-peer botnet, the FBI also found devices belonging to NATO member governments.