“This is what we assess to be the most sophisticated malware deployed by the FSB when it comes to espionage campaigns,” the FBI official said.
Russian spies did not use Snake to stage physical attacks, U.S. officials said Tuesday.
Still, it represented something of a Swiss army knife of digital spying, giving Russian spies clandestine access to victim computers, allowing those devices to communicate covertly with one another, and acting as a staging point for additional activity by Kremlin spooks.
For years, the Snake malware avoided detection by U.S. authorities through the use of two custom digital communication protocols — a “sophisticated” evasion technique that allowed the Russians to exchange surreptitious communications with other compromised devices, according to the court documents unsealed Tuesday.
In another sign of how careful the Russian operation was, the indictment identified only eight U.S.-based victims of the Kremlin espionage operation.
But U.S. authorities, who have been investigating the malware for more than 10 years, ultimately found a way to identify and decrypt those communications.
Over the years, that allowed U.S. authorities to alert targets of the advanced Russian spying tool. There has been “ongoing engagement with domestic victim organizations since the inception of this investigation,” the FBI official said.
On Monday, U.S. authorities used their own digital tool, dubbed Perseus, to cause Snake to disable itself on victim computers.
“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives,” Deputy Attorney General Lisa Monaco said in a statement.
As it did in two prior cases, the Justice Department used a special seizure warrant, known as Rule 41, to remove the Russian malware from U.S. victim computers.