CyberWire Daily - CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
Episode Date: May 11, 2023The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service, or FSB, for long-term intelligence collection on sens...itive targets. AA23-129A Alert, Technical Details, and Mitigations For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. Original release date, May 9, 2023 The snake implant is considered the most sophisticated cyber espionage tool
designed and used by Center 16 of Russia's Federal Security Service, or FSB,
for long-term intelligence collection on sensitive targets.
To conduct operations using this tool,
the FSB created a covert peer-to-peer network of numerous snake-infected computers worldwide.
Many systems in this network serve as relay nodes that disguise operational traffic to and from snake implants on the FSB's ultimate targets.
Snake's custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
This advisory was developed as a joint effort by an international partnership of multiple agencies including CISA, FBI, NSA, the Cyber National Mission Force,
the UK National Cyber Security Centre,
the Canadian Centre for Cyber Security and Communication Security Establishment,
the Australian Cyber Security Centre,
and the New Zealand National
Cyber Security Center.
These partners have identified snake infrastructure in over 50 countries across North America,
South America, Europe, Africa, Asia, and Australia, to include the United States and Russia itself.
Globally, the FSB has used snake to collect sensitive intelligence from high-priority
targets such as government networks, research facilities, and journalists. Globally, the FSB has used SNAIC to collect sensitive intelligence from high-priority targets,
such as government networks, research facilities, and journalists.
Within the United States, the FSB has victimized industries including education, small businesses, and media organizations, as well as critical infrastructure sectors including government facilities, financial services, critical manufacturing, and communications.
Thank you. are provided to assist network defenders in detecting snake and associated activity. The authoring agencies encourage all organizations to implement the recommendations in the mitigation
section of this advisory to reduce the likelihood and impact of similar incidents.
To report incidents in anomalous activity or to request incident response resources or technical
assistance, contact CISA at report at cisa.gov, call 888-282-0870
or report incidents to your local FBI field office.
This report was written by CISA,
the United States Cybersecurity
and Infrastructure Security Agency,
and edited and adapted for audio
by N2K Networks as a public service.
Please visit www.cisa.gov to read the full report,
which may include additional details,
links, and illustrations.
A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.