Snake malware
(also Uroboros, Turla)
Snake malware definition
Snake malware is a sophisticated cyber-espionage tool developed by the Federal Security Service (FSB) of Russia in 2003. Snake malware is used to steal confidential information, such as international relations documents or diplomatic communications, and relay it to the FSB using a covert peer-to-peer (P2P) network of Snake-compromised devices.
Snake malware typically targets high-profile targets or critical infrastructure systems, although the devices of private citizens are sometimes used as covert relays in the Snake P2P network. Cybersecurity experts consider Snake malware to be a very dangerous threat due to its exceptional ability to avoid detection, high modability, and robust programming.
See also: anti-malware, computer virus, polymorphic malware, cyber espionage, black hat hacker, cyberattack
Snake malware infection
Snake malware is typically first deployed on the target network’s external-facing nodes using spear-phishing or watering hole attacks. The FSB then uses other tools and techniques (such as keyloggers and network sniffers) to penetrate deeper into the network, gradually working to obtain administrator credentials and access domain controllers.
Snake malware and operation MEDUSA
On May 9, 2023, the Justice Department of the United States announced that its operation MEDUSA had successfully disabled the Snake malware network. MEDUSA used PERSEUS, a tool developed by the Federal Bureau of Investigation, to command Snake malware to terminate its applications and overwrite its vital components.