
DOJ, Five Eyes Nations Unite To Dismantle Russian Cyber-Espionage Network

by news

The U.S. Department of Justice has another feather in its cyberwarfare cap after taking down the cybercrime network of Turla, a Russia-linked criminal gang that has been called one of the world’s most sophisticated cyber-espionage groups.
Federal officials on Tuesday announced that cybersecurity and intelligence agencies from all Five Eyes member nations have taken down the infrastructure used by the Snake cyber-espionage malware operated by Russia’s Federal Security Service (FSB).
The DOJ also reported neutralizing the Snake malware the group used. Reports claim it was found on computers in 50 countries and was previously labeled by U.S. intelligence as “one of the most sophisticated malware sets used by the Russian intelligence services.”
Malicious cyber actors used Snake to access and exfiltrate sensitive international relations documents and other diplomatic communications through a victim in a NATO country. In the U.S., the FSB has victimized industries, including educational institutions, small businesses, and media organizations.
Critical infrastructure sectors, such as local government, finance, manufacturing, and telecommunications, have also been impacted, according to Cybersecurity & Infrastructure Security Agency (CISA) reports. CISA is the lead agency responsible for protecting the nation’s critical infrastructure from physical and cyber threats.
The takedown announcement surprised some cybersecurity experts because of the malware’s age. The FSB was still using Snake until the takedown. The Snake backdoor is an old framework that was developed in 2003 and has been linked to the FSB multiple times by many security vendors, according to Frank van Oeveren, manager, Threat Intelligence & Security Research at Fox-IT, part of NCC Group.
“Normally, you would expect the nation-state actors would burn the framework and start developing something new. But Snake itself is sophisticated and well put together, which shows how much time and money was spent in developing the framework,” he told TechNewsWorld.
“For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies — that ends today,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.
Clearly, the operators of the Snake backdoor made some mistakes. That is often how cyber sleuths succeed in takedowns, noted van Oeveren.


“Over the years, multiple takedowns were performed on Russian Intelligence Service’s backdoors/botnets, which shows a certain degree of amateurism. But Turla has shown their skills and creativity [throughout], and this should not be underestimated,” he said.
According to NCC Group’s Fox-IT team, the Snake backdoor is only used for high-profile targets, such as governments, the public sector, or organizations working closely with these two.
“This backdoor is purely used for espionage and staying under the radar as long as possible,” he said.
A few years back, van Oeveren’s security team worked on an incident response case where the Snake malware was observed. During this case, Turla stayed undetected for a few years and was only found by pure luck, explained van Oeveren. The backdoor was used to exfiltrate sensitive documents related to the victim’s organization.
“Turla will most likely continue with a different framework, but it is always a surprise what the group will do,” he offered.
In recent times, the Russian Intelligence Service has created multiple backdoors in different programming languages, van Oeveren noted. This shows the willpower to develop new tools for their operations, and he expects they will now develop a similar toolkit in a different programming language.
“Don’t underestimate the group using the Snake backdoor. As we have seen before, it is persistent and usually goes undetected for many years prior to being discovered on a target network,” he warned.
Snake victims should always tackle Snake/Turla compromises with renowned incident response firms. He warned that these attacks and the backdoor usage are too sophisticated to handle on your own.
Organizations can take several steps to protect themselves from malware attacks like the Snake Malware, advised James Lively, endpoint security research specialist at Tanium. These efforts include ensuring that the organization has an accurate inventory of assets, that systems are patched and updated, phishing campaigns and training are undertaken, and that strong access controls are implemented.
“International cooperation can also be improved to tackle cybercrime by encouraging information sharing and signing agreements and NDAs and performing joint investigations,” he told TechNewsWorld.
The biggest cybersecurity threat facing organizations today is insider threat. Organizations can do little to prevent a disgruntled employee or someone with elevated access from causing catastrophic damage.
“To combat this threat, organizations should look to limit access to resources and assign the minimum number of permissions to users that they require to perform their duties,” Lively suggested.

The major lesson to be learned from the disruption of the Snake malware network is that it only takes one unpatched system or one untrained user clicking a phishing link to compromise an entire organization, he explained. Low-hanging fruit, or the path of least resistance, is often the first avenue an attacker targets.
“A prime example of this is an old unpatched system that is public facing to the internet and has been forgotten about by the organization,” he offered.
Taking down an extensive network run by a state-level security agency is, no doubt, a major undertaking. But even with that, it is still surprising that the Snake malware was able to operate for as long as it did, observed Mike Parkin, senior technical engineer at enterprise cyber risk remediation firm Vulcan Cyber.
Threat actors can use many different attack vectors to land their malware payloads, so there is never just one thing. That said, user education is vital as an organization’s users are its broadest and most complex threat surface.
Organizations also need to ensure their operating systems and applications are kept up to date with a consistent and effective patch program — and being sure that applications are deployed to industry best practices with secure configurations is a necessity, too, according to Parkin.
“Dealing with international politics and geopolitical issues, it can be a real challenge to cooperate across borders effectively. Most Western countries can work together, though jurisdictional challenges often get in the way. And getting cooperation from nations that can be uncooperative at best and actively hostile at worst can make it impossible to deal with some threat actors,” he told TechNewsWorld.
Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
Copyright 1998-2023 ECT News Network, Inc. All Rights Reserved.