US DOJ Takes Down Malware Network Run by Russian Actors


The US Department of Justice (DOJ) declared on Tuesday that it has taken down a worldwide network of computers infected with malware, which Russian state security services allegedly used for almost two decades to extract classified information from the United States and NATO allies.

The initiative, code-named "MEDUSA," aimed to eliminate the "Snake" malware utilized by a unit within the Russian FSB named "Turla," which cyber experts regard as one of the world's most advanced cyber espionage groups. The FBI created a tool called "PERSEUS," which neutralizes the Snake malware without affecting the host computer or legitimate applications, after being granted permission by a judge in Brooklyn to access the contaminated computers. The Snake malware targeted NATO member countries, financial institutions, journalists, and other targets of the Russian government, dating back to 2004.

The FBI informed all victims whose computers were accessed in the MEDUSA operation, and the United States and Five Eyes partners have issued a joint cybersecurity advisory that includes detailed technical information on the malware so cybersecurity experts can detect whether other networks have been potentially infected. After gaining access to networks, the Turla group is known to use a "keylogger" tool that steals account passwords and other authentication credentials, posing a continuous threat to some of the targeted individuals.

What Are State-Sponsored Threat Actors and How Are They Often Leveraged in International Cyber-Espionage?

State-sponsored threat actors are cybercriminals who receive support from national governments to conduct cyber-attacks, cyber espionage, or other malicious activities against foreign nations, organizations, or individuals. These actors are often highly skilled and well-funded, and they operate with the objective of advancing their respective countries' strategic and economic interests.

State-sponsored threat actors typically pursue a broad range of targets, including government agencies, military institutions, critical infrastructure, financial institutions, universities, and private companies. They may use a variety of tactics, such as spear-phishing, malware, social engineering, and zero-day exploits, to gain unauthorized access to targeted systems or steal sensitive data.

These cyber-espionage campaigns often begin with reconnaissance to identify vulnerable systems and information of interest. Once access is obtained, the threat actors will move laterally throughout the network to escalate their privileges and collect sensitive data. In some cases, they may deploy backdoors, malware, or other tools to maintain long-term access to the compromised systems and continue their operations undetected.

State-sponsored threat actors are often leveraged in international cyber-espionage campaigns to gain a strategic advantage over other nations or to steal valuable intellectual property. The attacks can be used to advance political, military, economic, or diplomatic goals, and the stolen data can be used to inform national policies, guide business decisions, or be sold for profit on the dark web. The potential impact of state-sponsored cyber-espionage campaigns can be severe, including the loss of critical infrastructure, damage to national security, and significant financial losses for individuals and organizations.

May 10, 2023