The US Department of Justice announces the completion of an operation by the Federal Bureau of Investigation (FBI) on a global peer-to-peer network of computers that were infected with Snake malware. It, according to the investigation, codenamed "Operation MEDUSA", was used for cyber espionage purposes by the 16th center of the FSB of the Russian Federation.
Using a tool developed by the FBI called PERSEUS, the specialists managed to disable Snake by forcing him to rewrite "its vital components."
According to the US Department of Justice, the Turla hacker group used this malware to steal documents containing sensitive information from the computer systems of NATO countries, as well as from journalists "and other objects of interest to the Russian Federation." After that, hackers received them through a network of computers compromised with Snake, whose users were unaware of this. This way of obtaining these documents made it difficult to find their final recipient.
The report also warns that Snake was used by Turla to install a “keylogger”, an application that tracks information that the user enters from the keyboard, on the machines they need. In this way, they were able to steal the logins and passwords of these people, and then use them to enter systems to which they had access.
At the end of April, FBI Director Christopher Wray claimed that China has 50 times more employees who deal with threats in cyberspace than the United States. At the same time, he stressed that most cyber threats come from China.