The United States Department of Justice has announced that it has neutralized a global network of computers compromised by malware called “Snake,” which the U.S. government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). The FSB unit, known as Turla, has reportedly used the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries over the last 20 years. After stealing the documents, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the U.S. and around the world.
The FBI executed the operation, code-named MEDUSA, with the U.S. Attorney’s Office for the Eastern District of New York, which issued a search warrant. The FBI used an FBI-created tool named PERSEUS to disable Turla’s Snake malware on compromised computers. The FBI is engaging with local authorities to provide notice of Snake infections within those authorities’ countries and remediation guidance for victims outside the U.S.
The Snake malware allows its Turla operators to remotely deploy selected malware tools to identify and steal sensitive information and documents stored on a particular machine. The worldwide collection of Snake-compromised computers acts as a covert peer-to-peer network that utilizes customized communication protocols designed to hamper detection, monitoring, and collection efforts by Western and other signals intelligence services.
The FBI has monitored the FSB’s use of the Snake network to exfiltrate data from sensitive computer systems, including those operated by NATO member governments, by routing the transmission of these stolen data through unwitting Snake-compromised computers in the United States.
What’s next: The FBI and six other intelligence and cybersecurity agencies from each of the Five Eyes member nations issued a joint cybersecurity advisory with detailed technical information about the Snake malware that will allow cybersecurity professionals to detect and remediate Snake malware infections on their networks. The FBI and U.S. Department of State are also providing additional information to local authorities in countries where computers that have been targeted by the Snake malware have been located.