Facts

• The US Dept. of Justice said on Tuesday that — together with the FBI, the NSA, and partner intelligence agencies from abroad — it executed a court-approved operation to disable a "premier" Russian spying tool that allegedly infected computers in at least 50 countries and resulted in the theft of sensitive documents belonging both to governments and other entities.^[1]
• The FBI’s technical experts identified the malware used by Russia’s FSB security service, reportedly dubbed “Snake.” The infamous hacking group known as “Turla” — made up of FSB spies — is reportedly being tracked by the private sector.^[2]
• The FBI’s operation “MEDUSA” sought to disrupt the Russian network, and it used the recently developed “PERSEUS” tool to successfully neutralize the Snake after a Brooklyn judge granted authorization to secure remote access to infected computers.^[3]
• The FBI collaborated with the US Attorney’s Office for the Eastern District of NY (EDNY), along with multiple foreign governments, to take down the malware network attributed to a unit within the FSB’s Center 16.^[4]
• US officials say the defunct network is one of the world’s most sophisticated hacking tools. A senior FBI official said the operation would make using the hacking instrument “difficult or and untenable” for the FSB.^[5]
• Meanwhile, in a separate statement from the NSA, the agency — alongside the FBI, the Cybersecurity and Infrastructure Security Agency, and intelligence agencies from Australia, Britain, Canada, and New Zealand — issued a joint Cybersecurity Advisory notice. The NSA said the notice provided "background on Snake's attribution to the FSB," and provided technical recommendations for systems administrators to protect against Snake-related malware.^[6]