The U.S. Department of Justice has another feather in its cyberwarfare cap after taking down the cybercrime network of Turla, a Russia-linked criminal gang that has been called one of the world’s most sophisticated cyber-espionage groups.
Federal officials on Tuesday announced that cybersecurity and intelligence agencies from all Five Eyes member nations have taken down the infrastructure used by the Snake cyber-espionage malware operated by Russia’s Federal Security Service (FSB).
The DOJ also reported neutralizing the Snake malware the group used. Reports claim it was found on computers in 50 countries and previously labeled by U.S. intelligence as “one of the most sophisticated malware sets used by the Russian intelligence services.”
Malicious cyber actors used Snake to access and exfiltrate sensitive international relations documents and other diplomatic communications through a victim in a NATO country. In the U.S., the FSB has victimized industries, including educational institutions, small businesses, and media organizations.
Critical infrastructure sectors, such as local government, finance, manufacturing, and telecommunications, have also been impacted, according to Cybersecurity & Infrastructure Security Agency (CISA) reports. CISA is the lead agency responsible for protecting the nation’s critical infrastructure from physical and cyber threats.
The takedown announcement surprised some cybersecurity experts because of the framework’s age: the FSB was still using Snake until the takedown. The Snake backdoor is an old framework that was developed in 2003 and has been repeatedly linked to the FSB by many security vendors, according to Frank van Oeveren, manager, Threat Intelligence & Security Research at Fox-IT, part of NCC Group.
“Normally, you would expect the nation-state actors would burn the framework and start developing something new. But Snake itself is sophisticated and well put together, which shows how much time and money was spent in developing the framework,” he told TechNewsWorld.
“For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies — that ends today,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.
Clearly, the operators of the Snake backdoor made some mistakes. That is often how cyber sleuths succeed in takedowns, noted van Oeveren.
“Over the years, multiple takedowns were performed on Russian Intelligence Service’s backdoors/botnets, which shows a certain degree of amateurism. But Turla has shown their skills and creativity [throughout], and this should not be underestimated,” he said.
According to NCC Group’s Fox-IT team, the Snake backdoor is only used for high-profile targets, such as governments, the public sector, or organizations working closely with these two.
“This backdoor is purely used for espionage and staying under the radar as long as possible,” he said.
A few years back, van Oeveren’s security team worked on an incident response case in which the Snake malware was observed. In that case, Turla had stayed undetected for a few years and was found only by pure luck, he explained. The backdoor was used to exfiltrate sensitive documents related to the victim’s organization.
“Turla will most likely continue with a different framework, but it is always a surprise what the group will do,” he offered.
In recent times, the Russian Intelligence Service has created multiple backdoors in different programming languages, van Oeveren noted. This shows its willingness to develop new tools for its operations, and he expects the group will now develop a similar toolkit in a different programming language.
“Don’t underestimate the group using the Snake backdoor. As we have seen before, it is persistent and usually goes undetected for many years prior to being discovered on a target network,” he warned.
Organizations hit by Snake should always handle Snake/Turla compromises with established incident response firms, van Oeveren advised; these intrusions and the backdoor’s usage are too sophisticated to handle on your own, he warned.
Organizations can take several steps to protect themselves from malware attacks like the Snake Malware, advised James Lively, endpoint security research specialist at Tanium. These efforts include ensuring that the organization has an accurate inventory of assets, that systems are patched and updated, phishing campaigns and training are undertaken, and that strong access controls are implemented.
“International cooperation can also be improved to tackle cybercrime by encouraging information sharing and signing agreements and NDAs and performing joint investigations,” he told TechNewsWorld.
The biggest cybersecurity threat facing organizations today is insider threat. Organizations can do little to prevent a disgruntled employee or someone with elevated access from causing catastrophic damage.
“To combat this threat, organizations should look to limit access to resources and assign the minimum number of permissions to users that they require to perform their duties,” Lively suggested.
The major lesson to be learned from the disruption of the Snake malware network is that it only takes one unpatched system or one untrained user to click a phishing link to compromise an entire organization, he explained. Low-hanging fruit or taking the route with the least resistance is often the first avenue an attacker targets.
“A prime example of this is an old unpatched system that is public facing to the internet and has been forgotten about by the organization,” he offered as an example.
Taking down an extensive network run by a state-level security agency is, no doubt, a major undertaking. But even with that, it is still surprising that the Snake malware was able to operate for as long as it did, observed Mike Parkin, senior technical engineer at enterprise cyber risk remediation firm Vulcan Cyber.
Threat actors can use many different attack vectors to land their malware payloads, so there is never just one thing. That said, user education is vital as an organization’s users are its broadest and most complex threat surface.
Organizations also need to ensure their operating systems and applications are kept up to date with a consistent and effective patch program — and being sure that applications are deployed to industry best practices with secure configurations is a necessity, too, according to Parkin.
“Dealing with international politics and geopolitical issues, it can be a real challenge to cooperate across borders effectively. Most Western countries can work together, though jurisdictional challenges often get in the way. And getting cooperation from nations that can be uncooperative at best and actively hostile at worst can make it impossible to deal with some threat actors,” he told TechNewsWorld.
Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
Copyright 1998-2023 ECT News Network, Inc. All Rights Reserved.