On Tuesday, the U.S. government announced the disruption of a highly sophisticated hacking tool wielded by Russia’s Federal Security Service. Snake is an espionage tool, also known as Turla, attributed to Russian state-sponsored hacking groups. It has a highly lethal track record of targeting government and military organisations, embassies and other high-value targets worldwide. It is considered to be one of the most dangerous and sophisticated cyber tools today.
So how is it so deadly? The Snake malware is designed to steal sensitive information from computer systems and has been continuously refined over the years. One of its most notable features is its ability to hide its presence on infected systems using advanced rootkit techniques. Snake is distributed through spear-phishing emails, watering hole attacks and other targeted means.
The U.S. government has now moved into a court-authorized disruption of global networks compromised by Snake. The neutralization of networks was orchestrated by Operation MEDUSA, a tool created by the U.S. Federal Bureau of Investigation (FBI), that permits authorities to issue commands to the malware that cause it to “overwrite its own vital components”. Engineered after decrypting and decoding the malware’s network communications, the self-destruct instructions caused the “Snake implant to disable itself without affecting the host computer or legitimate applications on the computer”, said the agency.
This development against such a highly skilled cyber attack comes just a little over a year after U.S. law enforcement and intelligence agencies disarmed a modular botnet known as Cyclops Blink. That botnet, in turn, is controlled by another Russian nation-state actor known as Sandworm.
Despite these enforcement efforts, Snake remains an active and highly threatening adversary. Its ability to unleash an array of tactics and tools to breach its targets on platforms such as Windows, macOS, Linux and Android means that organisations should be pushing cyber security to the highest standard.