The FBI has sabotaged a suite of malicious software used by elite Russian spies, US authorities say, providing a glimpse of the digital tug-of-war between two cyber superpowers.
Senior law enforcement officials said FBI technical experts had identified and disabled malware wielded by Russia's FSB security service against an undisclosed number of US computers, a move they hoped would deal a death blow to one of Russia's leading cyber spying programs.
"We assess this as being their premier espionage tool," one of the US officials told journalists ahead of the release.
He said the US hoped the operation would "eradicate it from the virtual battlefield".
The official said the FSB spies behind the malware, known as Snake, are part of a notorious hacking group tracked by the private sector and known as "Turla".
The group has been active for two decades against a variety of NATO-aligned targets, US government agencies and technology companies, a senior FBI official said.
"For 20 years, the FSB has relied on the Snake malware to conduct cyber-espionage against the United States and our allies - that ends today," Assistant Attorney General Matthew Olsen, the head of the Justice Department's National Security Division, said in a statement.
The specific targets were not named in court papers but US officials described the espionage campaign as "consequential," having successfully exfiltrated sensitive documents from NATO countries and also targeted US government agencies and others in the US.
Russian diplomats did not immediately return a message seeking comment.
Russia routinely denies carrying out cyber-espionage operations.
US officials spoke to journalists on Tuesday ahead of the news release on condition that they not be named.
Similar announcements, revealing the FSB cyber disruption effort, were made by security agencies in the UK, Canada, Australia and New Zealand.
Turla is widely considered one of the most sophisticated hacking teams studied by the security research community.
"They have persisted in the shadows by focusing on stealth and operational security," John Hultquist, vice president of threat analysis at US cybersecurity company Mandiant, said.
"They are one of the hardest targets we have."
The US government dubbed the disruption of Turla's Snake malware "Operation Medusa".
The FBI and its partners identified where the hacking tool had been deployed across the internet and built a unique software "payload" to disrupt the hackers' infrastructure.
The FBI relied on existing search warrant authorities to remotely access the Russian malicious program within victim networks in the US and sever its connections.
The senior FBI official said the US agency's tool was designed only to communicate with the Russian spy program.
"It speaks Snake, and communicates with Snake's custom protocols" without accessing the victim's personal files, the official said.