Russia's Military Malware Network Destroyed With 'Suicide Command' in the FBI's Successful Operation Medusa

The malware network "Snake", deployed by the Russian Federal Security Service (FSB) against targets in more than 50 countries, was destroyed in "Operation Medusa", an operation led by the Federal Bureau of Investigation (FBI). The FBI developed a Snake countermeasure tool named "PERSEUS" (Perseus: the hero of Greek myth who defeated Medusa) and succeeded in making Snake execute a suicide command.

Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia's Federal Security Service | OPA | Department of Justice

US Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide > National Security Agency/Central Security Service > Press Release View

The malware network "Snake" deployed by the FSB began its activities around 2004, infecting computers around the world and forming a P2P network that interoperates across Windows, macOS, and Linux. According to the report, Snake was the most sophisticated of the FSB's espionage tools, with characteristics such as "a complex design with very few bugs" and being "difficult to detect with antivirus tools."

The FSB used Snake to access "diplomatic communications between NATO member countries". However, although the Snake tool itself was excellent, there were cases where mistakes in operating it left footholds that led to tracking. The intelligence agencies of the "Five Eyes" countries (the United States, the United Kingdom, Australia, Canada, and New Zealand) tracked the traces of Snake operational errors left on the Internet and identified Snake's technical details and the computers where Snake was lurking.

Based on the results of its Snake analysis, the FBI developed a tool that establishes communication with a computer where Snake is lurking and gets Snake to issue a "command to overwrite its own important components" without affecting the computer. This tool, named "PERSEUS", worked as expected and succeeded in neutralizing Snake.

According to the FBI, although Snake was successfully disabled, the operation did not search for or delete "attack tools other than Snake that attackers set on computers". For this reason, the FBI is asking Snake victims to take additional steps to protect themselves from harm.

The technical details of Snake are summarized in the following security advisory jointly published by the Five Eyes countries.

Hunting Russian Intelligence “Snake” Malware | CISA

in Security, Posted by log1o_hf