Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets.

“Snake malware” and its variants have been a core component in Russian espionage operations carried out by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, according to the security notice.

Identified in infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, Snake uses custom communications protocols that employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.

Globally, the FSB has used Snake to collect sensitive intelligence from high-priority targets such as government networks, research facilities, and journalists.

The advisory was published by the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), US Cyber National Mission Force (CNMF), the UK National Cyber Security Centre (NCSC), the Canadian Centre for Cyber Security (CCCS), the Canadian Communications Security Establishment (CSE), the Australian Cyber Security Centre (ACSC), and the New Zealand NCSC.

It is designed to help organizations understand how Snake operates and provides suggested mitigations to help defend against the threat.

The security notice comes in the wake of a separate warning from the UK NCSC outlining a new class of Russian cyber adversary threatening critical infrastructure.

Operation MEDUSA neutralizes Snake malware campaign

On the same day the advisory was published, the US Justice Department announced the completion of a court-authorized operation, code-named MEDUSA, to disrupt a global peer-to-peer network of computers compromised by Snake malware.

Operation MEDUSA disabled Snake malware on compromised computers using an FBI-created tool named PERSEUS, which issued commands that caused the Snake malware to overwrite its own vital components.

“Today’s announcement demonstrates the FBI’s willingness and ability to pair our authorities and technical capabilities with those of our global partners to disrupt malicious cyber actors,” said assistant director Bryan Vorndran of the FBI’s Cyber Division. “When it comes to combating Russia’s attempts to target the US and our allies using complex cyber tools, we will not waver in our work to dismantle those efforts.”

Snake malware’s sophistication stems from three principal areas

Snake is considered the most sophisticated cyber espionage tool in the FSB’s arsenal, with that sophistication stemming from three principal areas, the advisory read.

“First, Snake employs means to achieve a rare level of stealth in its host components and network communications. Second, Snake’s internal technical architecture allows for easy incorporation of new or replacement components. Lastly, Snake demonstrates careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity.”

The FSB has also implemented new techniques to help Snake evade detection, with the effectiveness of the cyber espionage implant depending on its long-term stealth to provide consistent access to important intelligence.

Snake often deployed to external-facing infrastructure nodes

Snake is typically deployed to external-facing infrastructure nodes on a network, and from there uses other tools and tactics, techniques, and procedures (TTPs) on the internal network to conduct additional exploitation operations, the advisory continued. “The uniquely sophisticated aspects of Snake represent significant effort by the FSB over many years to enable this type of covert access.”