The United States announced on Tuesday that it has neutralised a Russian spyware called 'Snake,' that was behind numerous attacks on NATO countries over the past 20 years.
Operation Medusa disabled the software, which allowed the Russian security services, FSB, to steal hundreds of sensitive documents from at least 50 countries, including by attacking government or media computer services, according to a US Justice Department statement.
“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralised one of Russia’s most sophisticated cyber-espionage tools,” Deputy Attorney General Lisa Monaco said.
According to U.S. authorities, the software was guided by an FSB unit called ‘Turla,’ located in Ryazan, Russia. It could identify and steal documents and remain undetected indefinitely. The ‘Turla’ agents exfiltrated this data using the global network of infected computers.
After many years of studying this software, the US federal police managed to create a tool, called ‘Perseus,’ that could communicate with ‘Snake’ and command it to shut down without involving the host computer.
In 2018, German authorities had revealed that they had been subjected to an unprecedented attack attributed by the media to the ‘Snake’ software, also known as ‘Uruburos’ or ‘Turla.’
Victims were also identified in Belgium, Ukraine, the United States and Georgia.