FBI takes down Russian malware network used to attack NATO allies

Trojan
(Image credit: Iaremenko Sergii / Shutterstock)

The US Justice Department (DoJ), and the Federal Bureau of Investigation (FBI) has revealed they jointly took down a network of compromised computers used to steal sensitive data from NATO by a known Russian state-sponsored actor for almost 20 years. 

In a press release, the agencies outlined their work, codenamed MEDUSA, authorized by the court, to disrupt a “global peer-to-peer network” of computers infected by Snake.

Snake is an 18-year-old piece of malware, built and maintained by a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB) - also known as Turla. 

Targeting NATO allies

Turla has been using Snake, the document states, to steal sensitive documents from “hundreds of computer systems” belonging to governments, journalists, and other targets. The endpoints were located “in at least 50 countries”, some of which are also members of the North Atlantic Treaty Organization (NATO). 

After stealing the files, Turla would exfiltrate them through a “covert network of unwitting Snake-compromised computers” in the US and elsewhere. 

To take down Snake, the law enforcement agents obtained a sample of the malware, and used it to create a tool named PERSEUS. 

This tool issued a command that caused Snake to overwrite its own vital components. It essentially self-destructed, without affecting any other software, or hardware, components, of the compromised endpoints. 

“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” said Attorney General Merrick B. Garland. “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”

Deputy Attorney General Lisa O. Monaco described Snake as “one of Russia’s most sophisticated cyber-espionage tools.”

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
A major FBI operation has deleted Chinese malware from thousands of US computers
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
A white padlock on a dark digital background.
A new and dangerous keylogger is on the loose - here's how to stay safe
Russia
Major Russian hacking group shifts focus to US and UK targets
Ransomware
8base ransomware site taken down in global police operation
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)