Skip to main content

FBI disables Russian malware operation targeting foreign governments

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the “premier cyberespionage malware” of Russia’s Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

The hacking group, a well-known unit known as Turla, spent nearly two decades using different versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries.

According to the DoJ, the Snake malware recorded keystrokes, enabling the hackers to steal their targets’ account authentication credentials such as usernames and passwords. It warned victims that stolen credentials could still be used to fraudulently re-access compromised computers and other accounts.

The FBI was able to decrypt and decode Snake communications through analysis of the Snake malware and its network.

“With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that causes the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer,” the DOJ explained in a release.

Russia officially denies carrying out cyber espionage operations, but the FBI and its partners are in little doubt about the significance of its breakthrough.

Commenting on the FBI’s work, Attorney General Merrick B. Garland said: “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more