[CDP-development] CISA, FBI, NSA, CNMF and International Partners Release Advisory on Sophisticated Malware Used by Russian FSB

Masse, Theresa theresa.masse at cisa.dhs.gov
Tue May 9 08:15:53 PDT 2023
FYSA
Today, the Cybersecurity and Infrastructure Security Agency (CISA<https://cisa.gov/>), the Federal Bureau of Investigation (FBI<https://fbi.gov/>), the National Security Agency (NSA<https://nsa.gov/>), the U.S. Cyber Command Cyber National Mission Force (CNMF<https://www.cybercom.mil/About/Components/CNMF/>), the United Kingdom National Cyber Security Centre (NCSC UK<https://www.ncsc.gov.uk/>), the Canadian Centre for Cyber Security (CCCS<https://cyber.gc.ca/en>), Canada's Communications Security Establishment (CSE<https://www.cse-cst.gc.ca/>), the Australian Cyber Security Centre (ACSC<https://www.cyber.gov.au/>), and the New Zealand National Cyber Security Centre (NCSC NZ<https://www.ncsc.govt.nz/>) released a joint cybersecurity advisory<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a> (CSA) on Snake malware, the most sophisticated cyber espionage tool designed and used by Russia's Federal Security Service (FSB).
The nearly 50-page cyber advisory details how Russia's FSB has been observed using this malware to exploit a range of businesses and governments in 50 countries across North America, South America, Europe, Africa, Asia, and Australia, to include the United States and Russia itself.
The level of sophistication of Snake includes: 1) a means to achieve a heightened level of stealth in its host components and network communications; 2) internal technical architecture that allows for advanced interoperability; and 3) careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity. Snake has been modified several times since it was developed in 2003; however, this CSA mostly focuses on one of the more recent variants that, up until now, has not been widely disclosed.
Within the United States, education, small businesses, and media organizations, as well as critical infrastructure sectors including local government, finance, manufacturing, and communications have been victims of FSB cyber actors.
All organizations are encouraged to review the mitigation and detection techniques in the advisory and follow their policies and incident response best practices to minimize risk to operations while hunting for Snake.
For more on Russian malicious cyber activity, visit https://cisa.gov/Russia.
Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>
