FBI-led Op Medusa slays NATO-bothering Russian military malware network

The FBI has cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades. Turla, the FSB-backed cyberspy group, has used versions of the Snake malware to steal data from …

  1. Clausewitz4.0

    Meanwhile in the black sea...

    lucky12345 sips his vodka and prepares his next project, probably badly implicating the FBI itself.

    As a bunch of people are now too afraid to collect the US$ 10.000.000 million dollars on his head, because it is too risky - I heard people have tried and are now dead.

  2. Pascal Monett Silver badge

    "almost two decades"

    Was that the time it took to train FBI agents?

    Two decades to stop spyware. Wow.

    No medals will be awarded here.

    1. Claptrap314 Silver badge

      Re: "almost two decades"

      Maybe not by your government (or mine).

    2. Clausewitz4.0

      Re: "almost two decades"

      Clearly they were compromising the infected hosts themselves, until there was a need for a "PR Stunt" showing they are good cyberfellas - PR needed because they are failing badly on another front.

  3. Claptrap314 Silver badge


    The Register article hints at it, but just the table of contents indicates that this thing is a tour de force of how to do things as an attacker.

    This is software engineering for the dark side. Give the Devil his due.

    1. Claptrap314 Silver badge

      Re: Wow

      Read through that. Yeah. These guys are good. The last third of that document gives detailed information about detection, and then ends with counter & recovery measures. With the exception of the RFC 918 stuff, however, prevention is the usual stuff.

    2. Anonymous Coward

      Re: Wow

      Still reading it (and I think I'll have to re-read the mitigation section a few times), but it strikes me that its current form heavily relies on Windows-specific mechanisms to keep itself deeply hidden and obfuscated.

      I am not so certain that you can just cross compile it to work like that on MacOS and Linux and remain as hidden - I'd love to see that analysed separately.

      That said, it's definitely good engineering for the dark side - some of the traffic obfuscation techniques I've been thinking of myself, and IPv6 gives you even more tools to hide a covert export and C&C channel. This is very worrying software.

      Now, if you will excuse me, there's some moron playing Rocco Granata's "Marina" on a PA system, I just have to dig up my insulated wire cutters..

  4. t245t

    Snake can infect Windows, Linux, and macOS systems

    What's the initial infection vector for Windows, Linux, and macOS?

    > The FBI has cut off a network of Kremlin-controlled computers

    "Kremlin-controlled computers" .. snort! I would have thought the NSA were more qualified to deal with "Kremlin-controlled computers"

  5. Anonymous Coward

    Worryingly impressive

    This reads like an enterprise grade commercial software spec, especially since 20 years of development doesn't seem to have resulted in much bloat.

    That's definitely state sponsored spyware - there's no hope in hell that was created by some criminal hobbyists.

    I'm going to have to read the mitigations chapter a few times..

