FSB spyware stole documents from NATO countries for 20 years

By nigratan

nigroll.com

May 9, 2023

The US Federal Bureau of Investigation has identified and deactivated "one of Russia's most sophisticated cyber-espionage tools." The software has been used for two decades to steal documents from NATO governments, journalists and others, according to The Wall Street Journal, citing court documents released Tuesday.

The spyware, dubbed Snake, was run by the hacker group Turla. According to American counterintelligence officers, it consists of employees of the Ryazan division of the FSB. To cover their tracks, stolen documents were sent through infected computers located in the United States.

FSB agents have identified computers with the Snake virus, including in Oregon, South Carolina and Connecticut. On Monday, the spyware was deactivated as a result of "a highly technical operation by US law enforcement that turned the spyware against itself," Deputy Attorney General Lisa Monaco said.

The court documents describe, in particular, such a case. In 2015-2017 the Snake program was used to infiltrate the computer of the Ministry of Foreign Affairs of one of the NATO countries. The FBI has identified, collected and decrypted data exchanged between a ministerial computer and an infected computer in the United States. It turned out that in this way the Turla hackers tried to get the internal documents of the UN and NATO.

The FBI also has evidence that these hackers were trying to break into the computer of a journalist in the US who wrote about the Russian government. The name of the journalist is not mentioned in court documents.