The US Justice Department says it has disrupted a long-running Russian cyber espionage campaign that stole sensitive information from computer networks in dozens of countries, including Nato members.
Prosecutors linked the spying operation to a unit of Russia’s Federal Security Service, or FSB, and accused the hackers of stealing documents from hundreds of computer systems belonging to governments of Nato members, an unidentified journalist for a US news organisation who reported on Russia, and other targets of interest to the Kremlin.
“For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies — that ends today,” assistant attorney general Matthew Olsen, the head of the Justice Department’s National Security Division, said in a statement.
The specific targets were not named in court papers, but US officials described the espionage campaign as “consequential”, having extracted sensitive documents from Nato countries and government agencies and other organisations in the US.
The Russian operation relied on the malicious software known as Snake to infect computers, with hackers operating from what the Justice Department said was a known FSB facility in Ryazan, Russia.
US officials said they had been investigating Snake for about a decade and came to regard it as the most sophisticated malware implant used by the Russian government for espionage campaigns.
They said Turla, the FSB unit believed responsible for the malware, had refined and revised it multiple times to avoid being shut down.
The Justice Department, using a warrant this week from a federal judge in Brooklyn, launched what it said was a high-tech operation using a specialised tool called Perseus that caused the malware to effectively self-destruct.
Federal officials said they were confident that, based on the impact of its operation this week, the FSB would not be able to reconstitute the malware implant.