<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:"Franklin Gothic Book";

        panose-1:2 11 5 3 2 1 2 2 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

p.xxxmsonormal, li.xxxmsonormal, div.xxxmsonormal

        {mso-style-name:x_x_x_msonormal;

        margin:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

p.xxxmsonospacing, li.xxxmsonospacing, div.xxxmsonospacing

        {mso-style-name:x_x_x_msonospacing;

        margin:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

span.xxxcontentpasted0

        {mso-style-name:x_x_x_contentpasted0;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">

<div class="WordSection1">

<p class="MsoNormal">FYSA<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div>

<div>

<div id="x_x_mail-editor-reference-message-container">

<div>

<div>

<p class="xxxmsonospacing"><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">Today, the Cybersecurity and Infrastructure Security Agency (</span></span><span style="font-size:12.0pt;color:black"><a href="https://cisa.gov/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CISA</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 the Federal Bureau of Investigation (</span></span><span style="font-size:12.0pt;color:black"><a href="https://fbi.gov/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">FBI</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 the National Security Agency (</span></span><span style="font-size:12.0pt;color:black"><a href="https://nsa.gov/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">NSA</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 the U.S. Cyber Command Cyber National Mission Force (</span></span><span style="font-size:12.0pt;color:black"><a href="https://www.cybercom.mil/About/Components/CNMF/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CNMF</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 the United Kingdom National Cyber Security Centre (</span></span><span style="font-size:12.0pt;color:black"><a href="https://www.ncsc.gov.uk/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">NCSC UK</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 the Canadian Centre for Cyber Security (</span></span><span style="font-size:12.0pt;color:black"><a href="https://cyber.gc.ca/en"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CCCS</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 Canada’s Communications Security Establishment (</span></span><span style="font-size:12.0pt;color:black"><a href="https://www.cse-cst.gc.ca/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CSE</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 the Australian Cyber Security Centre (</span></span><span style="font-size:12.0pt;color:black"><a href="https://www.cyber.gov.au/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">ACSC</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">),

 and the New Zealand National Cyber Security Centre (</span></span><span style="font-size:12.0pt;color:black"><a href="https://www.ncsc.govt.nz/"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">NCSC NZ</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">)

 released a <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a" title="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a">

joint cybersecurity advisory</a> (CSA) on Snake malware, the most sophisticated cyber espionage tool designed and used by Russia’s Federal Security Service (FSB).

</span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">The

</span></span><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">nearly 50-page cyber advisory details how Russia’s FSB has been observed using this malware to exploit a range of businesses and governments in 50 countries across North

 America, South America, Europe, Africa, Asia, and Australia, to include the United States and Russia itself.</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">The level of sophistication of Snake includes: 1) a means to achieve a heightened level of stealth in its host components and

 network communications; 2) internal technical architecture that allows for advanced interoperability; and 3) careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity. Snake has been modified

 several times since it was developed in 2003; however, this CSA mostly focuses on one of the more recent variants that, up until now, has not been widely disclosed.</span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">Within the United States, education, small businesses, and media organizations, as well as critical infrastructure sectors including

 local government, finance, manufacturing, and communications have been victims of FSB cyber actors.

</span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B">All organizations are encouraged to review the mitigation and detection techniques in the advisory and follow their policies

 and incident response best practices to minimize risk to operations while hunting for Snake.</span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span style="color:black"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonospacing"><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">For more on Russian malicious cyber activity, visit

</span></span><span style="font-size:12.0pt;color:black"><a href="https://cisa.gov/Russia"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">https://cisa.gov/Russia</span></a></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">.

</span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>

<p class="xxxmsonormal" style="margin-bottom:8.0pt;line-height:105%"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><span style="font-size:12.0pt;line-height:105%;color:black"><o:p></o:p></span></p>

</div>

</div>

</div>

</div>

</div>

</div>

<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">

</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>

<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_2" src="cid:image001.png@01D9824E.69A19F40"><span style="color:#1F497D"><o:p></o:p></span></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>

</div>

</body>

</html>