
US Justice Department and FBI Dismantle Long-Running Russian State-Sponsored Cyber-Espionage Operation Targeting NATO

The United States Department of Justice has announced that it has neutralized a global network of computers compromised by malware called “Snake,” which the U.S. government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). The FSB unit, known as Turla, has reportedly used the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries over the last 20 years. After stealing the documents, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the U.S. and around the world.

The FBI executed the operation, code-named MEDUSA, with the U.S. Attorney’s Office for the Eastern District of New York, which issued a search warrant. The FBI used an FBI-created tool named PERSEUS to disable Turla’s Snake malware on compromised computers. The FBI is engaging with local authorities to provide notice of Snake infections within those authorities’ countries and remediation guidance for victims outside the U.S.

The Snake malware allows its Turla operators to remotely deploy selected malware tools to identify and steal sensitive information and documents stored on a particular machine. The worldwide collection of Snake-compromised computers acts as a covert peer-to-peer network that utilizes customized communication protocols designed to hamper detection, monitoring, and collection efforts by Western and other signals intelligence services.

The FBI has monitored the FSB’s use of the Snake network to exfiltrate data from sensitive computer systems, including those operated by NATO member governments, by routing the transmission of these stolen data through unwitting Snake-compromised computers in the United States.

What’s next: The FBI and six other intelligence and cybersecurity agencies from each of the Five Eyes member nations issued a joint cybersecurity advisory with detailed technical information about the Snake malware that will allow cybersecurity professionals to detect and remediate Snake malware infections on their networks. The FBI and U.S. Department of State are also providing additional information to local authorities in countries where computers that have been targeted by the Snake malware have been located.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories.
