Snake is Russia’s Most Sophisticated Cyberespionage Tool

In May this year, CISA released an advisory warning about Russian cyber threat actors using “a sophisticated cyberespionage tool” called Snake. According to The Hacker News, this is the work of Turla, a group also known by many other names, including Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug.

As stated by CISA, the Snake implant is the “most sophisticated cyberespionage tool designed and used by Center 16 of Russia’s Federal Security Service for long-term intelligence collection on sensitive targets.”

What is Snake?

The primary goal of cyberwarfare is to disrupt the activities of a nation-state. In a cyberespionage operation, by contrast, the goal is to stay hidden for as long as possible in order to collect the maximum amount of intelligence.

The Snake network was developed by the Federal Security Service of the Russian Federation (FSB, Federal’naya Sluzhba Bezopasnosti) in 2003. The aim of this network was to conduct global cyberespionage operations. The main targets were NATO, research institutes, companies, financial and media organizations, government agencies, and similar entities. Thus far, it has been detected on Windows, macOS, and Linux computers in over 50 countries around the world.

In the United States, the victims of the FSB include educational institutions, media organizations, and small businesses. It has also impacted critical infrastructure sectors, such as local government, manufacturing, finance, and telecommunications.

How Does It Work?

According to Logpoint, the FSB “devised an ingenious strategy utilizing ‘Snake Malware’ and established a global network of infected computers, employing a peer-to-peer (P2P) architecture. Within this extensive web, numerous systems act as relay nodes, discreetly guiding disguised operational traffic to and from the Snake implants deployed on the FSB’s primary targets.”

This hidden network allows infected computers to collect sensitive information, which is then disguised with strong encryption and routed through the relay nodes back to Russia. Because Snake uses custom communication protocols rather than recognizable standard ones, its traffic is hard to distinguish from ordinary network activity, and its operations can remain hidden for a very long time.

The U.S. Government Neutralizes Snake

On May 9, it was announced by the US Department of Justice that “through operation MEDUSA, the FBI, and the U.S. Attorney’s Office for the Eastern District of New York neutralized the FSB’s premier cyberespionage malware implant in coordination with multiple foreign governments.”

The Snake malware is complex, and it needs to be deployed with precision in order to avoid detection. However, according to the Department of Justice, the Russian cyber actors were careless and made mistakes, which helped U.S. investigators discover Snake.

What Can You Do To Protect Against Snake?

The following cybersecurity steps may be taken by organizations as well as by individuals at home.

  1. Passwords and Multi-Factor Authentication
    Always use unique, strong passwords, and enable multi-factor authentication (MFA) on all your accounts. Use a password manager so that every account can have its own password.
  2. Authenticate, Authorize, and Validate Users
    Anyone who is not authorized to use your computer must not be given access. This applies equally to company and personal computers.
  3. Use the Latest Anti-Malware Software
    Always run current anti-malware (antivirus) software and keep its signatures updated. It protects your system by detecting and removing known malware.
  4. Back Up Important Data
    It is very important to back up the data on your computer regularly. The best way is to set up an automatic backup.
  5. Regularly Update Your System and Software
    By regularly updating your operating system and applications, you close known vulnerabilities as soon as patches become available.
  6. Mobile Device Security
    Password-protect your mobile device, encrypt its data, and install security apps to prevent cybercriminals from getting into your phone or stealing your sensitive information.

Disclaimer: Any opinions expressed in this blog do not necessarily reflect the opinions of Certrec. This content is meant for informational purposes only.