US and allies neutralized Russian hackers Turla, here’s how
The Five Eyes have announced the dismantling of the malware used by Turla, a hacker group associated with the Russian government. Article by Giuseppe Gagliano.

One of the most sophisticated cyber-warfare tools deployed by the Russians has been neutralized thanks to the productive cooperation of the intelligence agencies of the United States, Australia, Canada, the United Kingdom and New Zealand. The operation targeted Turla, a hacker group that cybersecurity experts have long associated with the Russian government.

THE RUSSIAN HACKERS OF TURLA

Turla is believed to be made up of officers from Center 16, an intelligence unit of the Russian Federal Security Service (FSB), one of the successor agencies to the Soviet-era KGB. Since its emergence in 2003, Turla has used highly sophisticated malware dubbed "Snake" to infect thousands of computer systems in over 50 countries around the world. Turla's victims include highly sensitive government computer networks across the United States, including those of the Department of Defense, the National Aeronautics and Space Administration, and US Central Command.

SNAKE MALWARE

Snake malware has also been found on the computers of privately owned companies, particularly those in critical infrastructure sectors such as financial services, government facilities, electronics manufacturing, telecommunications, and healthcare. For nearly two decades, Snake has used thousands of compromised computers across the West as nodes in a complex peer-to-peer network, which allowed Turla's operators to disguise the location from which they launched their attacks.

THE FIVE EYES COUNTEROFFENSIVE

On Tuesday, however, the US Justice Department announced that the Federal Bureau of Investigation (FBI), together with its counterparts in the US-led "Five Eyes" intelligence-sharing alliance, had succeeded in taking down Snake. This effort, codenamed Operation MEDUSA, was reportedly launched nearly 20 years ago with the goal of neutralizing the Snake malware. Five Eyes cyber defense experts managed to locate Turla's facilities in Moscow, as well as in Ryazan, an industrial center about 120 miles southeast of the Russian capital.

The complex cyber defense operation culminated in the development of an anti-malware tool that the FBI has dubbed PERSEUS. According to the Justice Department announcement, PERSEUS was designed to impersonate Snake's Turla operators, and in doing so it was able to take over Snake's command and control functions. Essentially, PERSEUS hijacked Snake and instructed the malware to delete itself from the computers it had compromised. As of this week, then, the worldwide peer-to-peer network that Snake had painstakingly built over two decades ceased to exist, as did Snake itself.


This is a machine translation from Italian of a post published on Start Magazine at the URL https://www.startmag.it/mondo/russia-cyber-turla/ on Fri, 12 May 2023 06:38:45 +0000.