The U.S. government on Tuesday disrupted a worldwide network that the Russian Federal Security Service (FSB) had penetrated using a cyberespionage tool called Snake.
The United States government attributes the creation of Snake, labeled the “most sophisticated cyber espionage tool,” to a unit under Centre 16 of the FSB. Turla is a Russian state-sponsored organization also known as Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug.
The threat actor has a history of concentrating heavily on organizations in Europe, the Commonwealth of Independent States (CIS), and nations that are members of NATO.
In recent activity, the threat actor’s footprint has expanded to include Middle Eastern countries seen as a threat to the countries that Russia supports in the region.
As part of Operation MEDUSA, the malware was directed to overwrite its own vital components on infected machines. The operation was carried out with the aid of a tool, codenamed PERSEUS, that was developed by the U.S. Federal Bureau of Investigation (FBI).
According to the agency, the self-destruct instructions allowed the Snake implant to destroy itself without impacting the host computer or any legitimate software running on the machine.
These instructions were designed after decrypting and encrypting the malware’s network interactions.