Snake: what is this Russian software, 20 years old, neutralized by the United States?

“US law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools.” Announcement made by US Deputy Justice Minister Lisa Monaco on Tuesday. Washington implemented “a high-tech operation”, which turned “this Russian malware against itself”. But what was this software really doing?

Capable of “stealing hundreds of sensitive documents”

Dubbed “Snake”, it is considered by the US Cyber ​​Defense Agency (Cisa), “the most sophisticated cyber-espionage tool in the FSB’s arsenal”. It allowed Russian intelligence services to “steal hundreds of sensitive documents in at least 50 countries”, including attacking the computer services of governments, media or research centers, according to a press release from the US Department of Justice.

“Snake” had been known to cybersecurity experts for at least ten years. The Cisa places its date of creation around 2003 and estimates that it has undergone numerous updates over time. “It surprisingly has very few computer bugs, which is surprising given its complexity,” also notes the American agency.

Also known as “Uroboros”

According to US authorities, “Snake” was guided from an FSB unit called “Turla”, located in Ryazan, Russia. He could identify and steal documents and remain undetected indefinitely. Its specificity: the agents of “Turla” exfiltrated this data using the global network of infected computers.

In 2018, the German Foreign Ministry revealed that it had been the subject of an unprecedented attack attributed by the media to the “Snake” software, also known as “Uroboros”. Victims have also been identified in Belgium, Ukraine, the United States, Switzerland or Georgia.