The US federal government has claimed that it legally hacked into a network of computers infected by ‘malware’ to shut down a Russian online spying operation. A court warrant allowed FBI agents to remotely access infected computers, which officials described as an “innovative use of legal authorities.”
On Tuesday, the US Department of Justice revealed details of Operation MEDUSA, a joint effort by several US and foreign law enforcement and intelligence agencies that targeted a hacker group nicknamed ‘Turla’.
US officials claimed that the group was linked to the Russian Federal Security Service (FSB), and had deployed a sophisticated malware toolkit dubbed ‘Snake’. Compromised computers were used by the hackers to copy stolen files and deploy other cyberweapons, Washington claimed.
“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” US Attorney General Merrick Garland said.
Operation MEDUSA involved the FBI remotely accessing infected computers and tricking Snake into self-destructing. The hacking was authorized by the Eastern District of New York and constituted “innovative use of legal authorities,” according to Matthew G. Olsen, who heads the DoJ’s National Security Division.
The US government did not say how many American computers it had accessed but said it had notified owners of the operation.
Officials claimed that the FSB unit was operating out of the city of Ryazan and that the network under its control stretched across 50 nations. The Cybersecurity and Infrastructure Security Agency (CISA) said human error on the part of the Russians had allowed US cybersecurity experts to identify the malware and develop a tool to counter it.
Washington described the outcome as a major victory for itself and its allies, stating that the network was “the FSB’s most sophisticated long-term cyberespionage malware implant.”