Snake: What is this 20-year-old Russian software neutralized by the US?

“U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools.” This was announced on Tuesday by US Deputy Attorney General Lisa Monaco. Washington carried out a “high-tech operation” that turned “this Russian malware against itself.” But what did this software actually do?

Capable of “stealing hundreds of confidential documents”

The U.S. Cyber ​​Defense Agency (Cisa) considers the snake “the most sophisticated cyber-espionage tool in the FSB’s arsenal.” This allowed Russian intelligence agencies to “steal hundreds of confidential documents in at least 50 countries,” including attacking government computer services, media outlets or research centers, the U.S. Department of Justice said in a statement.

Snake has been known to cybersecurity professionals for at least a decade. The date of Cisa’s inception dates back to around 2003, and it is estimated that it has gone through many updates over time. “Surprisingly, it has very few computer errors, which is surprising given its complexity,” the American agency also notes.

Also known as “Ouroboros”.

According to US authorities, Snake was controlled from an FSB unit called Turla based in Ryazan, Russia. He could identify and steal documents and remain undetected indefinitely. Its specificity: Turla agents exfiltrated this data using a global network of infected computers.

In 2018, the German Foreign Ministry reported that it was the target of an unprecedented attack attributed by the media to the “Snake” software, also known as “Uroboros”. Victims have also been identified in Belgium, Ukraine, USA, Switzerland or Georgia.

By studying this software for years, the US Federal Police managed to create a tool called the Perseus that could communicate with Snake and tell him to shut down without the involvement of the main computer. It was neutralized during Operation Medusa, conducted by the FBI together with foreign partners.