The US Cybersecurity and Infrastructure Security Agency (CISA) has identified "Snake", the most advanced cyber espionage tool of the Russian secret service FSB, in 50 countries on almost all continents, including Europe and North America. The tool attacked government networks, research institutions and also journalists. A Cybersecurity Advisory helps experts worldwide detect and defend against it.
According to CISA, the Snake malware and its infrastructure are considered the most advanced cyber espionage tool developed and used by Center 16 of the Russian Federal Security Service (FSB) for long-term intelligence gathering on sensitive targets. To conduct operations using this tool, the FSB has built a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide.
Covert Snake network exposed worldwide
Many systems in this P2P network serve as relay nodes, relaying disguised operational traffic to and from Snake-infected networks and then on to the information center of the Russian secret service FSB. Snake's custom communication protocols use encryption and fragmentation to maintain confidentiality and are designed to hamper detection and collection efforts.
Network extends over 50 countries
CISA has identified Snake infrastructure in over 50 countries in North America, South America, Europe, Africa, Asia and Australia, including the United States and Russia itself. Although Snake leverages infrastructure across industries, its focus is purposeful and tactical. Globally, the FSB has used Snake to gather sensitive information from priority targets such as government networks, research institutions and journalists. For example, FSB actors used Snake to access and exfiltrate confidential international relations documents and other diplomatic communications from a victim in a North Atlantic Treaty Organization (NATO) country. In the United States, the FSB has victimized industries such as education, small businesses, and media organizations.
Primarily targeting NATO countries
A CISA Cybersecurity Advisory (CSA) provides background information on the attribution of Snake to the FSB, as well as detailed technical descriptions of the Snake cyber-espionage tool's host architecture and network communications. The CSA also covers a current Snake variant that is not yet widely known. CISA provides the technical information and remediation recommendations in the Cybersecurity Advisory to help network defenders identify Snake and related activities.
More at CISA.gov