Here’s one more strike against snakes. The virtual kind, that is.
The U.S. Justice Department said on Tuesday that it took down a global network of malicious software called “Snake,” that Russian agents used for nearly 20 years to spy on the United States and its allies.
Investigators turned the Snake malware against itself, causing the malware to overwrite its own vital components.
Officials said a unit within Russia’s Federal Security Service, or FSB, used the Snake software to steal sensitive documents from hundreds of compromised computer networks in at least 50 countries.
READ MORE from Soldier of Fortune about Russian operations against the United States
The hacked computers belonged to NATO member governments, journalists, and other targets of interest to the Russian government, officials said.
Snake-infected computers in the United States and around the world served as conduits for funneling the stolen data back to Russia.
The Justice Department called Snake the “FSB’s premiere cyberespionage malware implant.”
“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” Attorney General Merrick Garland said in a statement. “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”
The FBI dismantled the Snake network with a court-approved operation dubbed MEDUSA, the Justice Department said.
The operation disabled the Snake malware on compromised computers with an FBI-created tool named PERSEUS.
The bureau is working with authorities in other countries to notify other victims of Snake infections, officials said.
The FBI has been tracking Snake and related malware tools for nearly two decades, developing the ability to decrypt and decode Snake communications.
Deputy Attorney General Lisa Monaco said the takedown “has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives.”
“By combining this action with the release of the information victims need to protect themselves, the Justice Department continues to put victims at the center of our cybercrime work and take the fight to malicious cyber actors,” Monaco said in a statement.
Court documents released on Tuesday detailed how the FSB unit, known as Turla, deployed Snake from a known FSB facility in Ryazan, Russia, to conduct daily espionage operations.
The unit has repeatedly upgraded and revised the malware to ensure it remains “Turla’s most sophisticated long-term cyberespionage malware implant,” the Justice Department said.