US busts Russian cyber operation in dozens of countries

Russian RS-24 Yars ballistic missiles drive along the embankment next to the Kremlin wall after the Victory Day military parade in Moscow, Russia, Tuesday, May 9, 2023, marking the 78th anniversary of the end of World War II. (AP Photo/Alexander Zemlianichenko)

WASHINGTON (AP) — The Justice Department said Tuesday that it had disrupted a long-running Russian cyberespionage campaign that infected computer networks in dozens of countries, including in the United States, and resulted in the theft of sensitive information from governments.

Prosecutors linked the spying operation to a unit of Russia's Federal Security Service, or FSB, and accused the hackers of stealing documents from hundreds of computer systems belonging to governments of NATO members, an unidentified journalist for a U.S. news organization who reported on Russia, and other select targets of interest to the Kremlin.

“For 20 years, the FSB has relied on the Snake malware to conduct cyberespionage against the United States and our allies — that ends today,” Assistant Attorney General Matthew Olsen, the head of the Justice Department’s National Security Division, said in a statement.

The specific targets were not named in court papers, but the Justice Department said the affected networks were in more than 50 countries. U.S. officials described the espionage campaign as “very consequential,” saying the hackers had successfully exfiltrated sensitive documents from NATO countries.

Prosecutors say the hackers, employing malicious software known as Snake, routed data stolen from foreign governments through compromised computers in the U.S. as a way to cover their tracks. They operated from what the Justice Department said was a known FSB facility in Ryazan, Russia.

In a separate statement, CrowdStrike Intelligence, a private cybersecurity firm that has studied the threat, said the sectors targeted by the hacking included government organizations, defense-related organizations and companies developing cryptographic hardware. It said countries all over the world had been affected, including in Europe, Australia, parts of Asia, and North and South America.

U.S. officials said they'd been investigating Snake for about a decade and came to regard it as the most sophisticated malware implant relied on by the Russian government for espionage campaigns. They said Turla, the FSB unit believed responsible for the malware, had refined and revised it multiple times as a way to avoid being shut down.

The Justice Department, using a warrant this week from a federal judge in Brooklyn, launched what it said was a high-tech operation using a specialized tool called Perseus that caused the malware to effectively self-destruct.

Federal officials said they were confident that, based on the impact of its operation this week, the FSB would not be able to reconstitute the malware implant.

______

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP