Cyber Security News

UK and International Allies Expose Russian Intelligence “Snake” Malware

This week, the United Kingdom and several international allies issued a joint advisory exposing a sophisticated espionage tool known as "Snake" used by Russian cyber actors against their targets. The advisory reveals technical details about the malware and warns of the potential dangers it poses to organizations and governments worldwide.

Snake, also known as Turla or Uroburos, is a complex malware tool that has been used by Russian intelligence since at least 2008. The malware is capable of stealing sensitive information, including passwords, keystrokes, and screenshots, and can remain undetected for extended periods, making it a potent tool for espionage.

According to the advisory, Snake has been used by Russian cyber actors to target governments, military organizations, and research institutions, primarily in Europe and the Middle East. The malware has also been used to target commercial entities in the energy and technology sectors.

The advisory reveals that Snake is designed to be modular and can be customized for specific targets. It can also be controlled remotely and can update itself to avoid detection. These features make Snake one of the most sophisticated and dangerous malware tools currently in use.

Snake Malware: One of the Most Sophisticated Tools Used by Russian Cyber Actors

The advisory warns that Snake is designed to remain undetected by security software, making it challenging to detect and remove. It also notes that the malware is often spread through spear-phishing attacks, where an attacker sends a convincing-looking email to a target, encouraging them to click on a malicious link or download an attachment.

The joint advisory was issued by the UK's National Cyber Security Centre (NCSC), along with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), Cyber National Mission Force, the Canadian Centre for Cyber Security (CCCS), the Communications Security Establishment (CSE), the Australian Cyber Security Centre (ACSC) and the New Zealand National Cyber Security Centre.

In a statement, the NCSC said that "the Snake malware is one of the most sophisticated and effective tools used by Russian cyber actors." They added that "by issuing this advisory, we are providing organizations worldwide with the technical information they need to defend against this dangerous threat."

Paul Chichester, NCSC Director of Operations, said: “The advisory lifts the lid on a highly sophisticated espionage tool used by Russian cyber actors, helping to expose the tactics and techniques being used against specific targets around the world.”

The advisory also includes technical details and guidance for organizations on how to detect and mitigate the threat posed by Snake. It encourages organizations to ensure that their security software is up to date and to train employees to recognize and report suspicious emails.