iTnews Asia
Cyber agencies find espionage infrastructure in 50-plus countries

Russian attack tool infrastructure laid bare.

By Richard Chirgwin on May 10, 2023 12:02PM

Nine cyber security agencies in five countries, including Australia, have issued a warning about an implant they’ve dubbed Snake and attributed to Russia’s FSB security service.

It’s not the first time Snake has made the news: the malware has been known to threat-hunters since at least 2014, when Kaspersky discussed it at Black Hat.

In a post detailing the espionage tool, America’s Cybersecurity and Infrastructure Security Agency (CISA) laid bare Snake’s international peer-to-peer network of infected computers, and provided a detailed description of its architecture.

“Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets,” CISA said.

“Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.”

Infrastructure has been found in 50 countries in North America, South America, Europe, Africa, Asia, and Australia, as well as Russia.

CISA identified government networks, research facilities and journalists as targets, and Snake has been used to “exfiltrate sensitive international relations documents, as well as other diplomatic communications” from a NATO member.

Victim organisations in North America included education, media organisations, and a range of critical infrastructure operators.

Calling Snake the “most sophisticated cyber espionage tool in the FSB’s arsenal”, CISA said it has a “rare level of stealth” both in infected hosts and network communications, with an internal structure designed for “easy incorporation of new or replacement components”.

It’s a cross-platform system, CISA said, with variants for Windows, macOS and Linux.

The agencies behind the advisory are the FBI, National Security Agency, CISA and the Cyber National Mission Force from the USA; the UK’s National Cyber Security Centre; Canada’s Centre for Cyber Security and Communications Security Establishment; the Australian Cyber Security Centre; and New Zealand’s National Cyber Security Centre.
