FBI hacked American computers to ‘fix Russian malware’

Lazy eyes listen


The US government claims that it legitimately hacked into a network of computers infected with’malware’ in order to disrupt a Russian cyber eavesdropping operation. Officials praised the use of a court warrant to remotely access infected machines as a “innovative use of legal authorities.”

On Tuesday, the US Department of Justice unveiled details of Operation MEDUSA, a cooperative effort by numerous US and international law enforcement and intelligence organisations that targeted a hacker gang nicknamed ‘Turla’.

US officials stated that the outfit was tied to the Russian Federal Security Service (FSB), and had deployed a sophisticated malware toolset called ‘Snake’. According to Washington, the hackers used compromised systems to duplicate stolen files and deploy other cyberweapons.

“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” said US Attorney General Merrick Garland.

The FBI used Operation MEDUSA to remotely access infected computers and deceive Snake into self-destructing. The hacking was authorised by the Eastern District of New York and constituted “innovative use of legal authorities,” according to Matthew G. Olsen, director of the Department of Justice’s National Security Division.

The US government did not specify how many American computers were accessed, but it did state that owners had been alerted of the operation.

Officials said that the FSB unit was based in Ryazan and that the network under its control expanded across 50 countries. According to the Cybersecurity and Infrastructure Security Agency (CISA), Russian human mistake allowed US cybersecurity researchers to identify the malware and design a method to counter it.

The outcome was described by Washington as a big success for itself and its allies, with the network being “the FSB’s most sophisticated long-term cyberespionage malware implant.”