Joint Cybersecurity Advisory – Hunting Russian Intelligence “Snake” Malware

WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness of active threats and adversary capabilities.

Today, CISA the FBI, the NSA, the U.S. Cyber Command Cyber National Mission Force (CNMF), the United Kingdom National Cyber Security Centre (NCSC UK), the Canadian Centre for Cyber Security (CCCS), Canada’s Communications Security Establishment (CSE), the Australian Cyber Security Centre (ACSC), and the New Zealand National Cyber Security Centre (NCSC NZ) published a joint cybersecurity advisory (CSA) on Snake malware, the most sophisticated cyber espionage tool designed and employed by Russia’s Federal Security Service (FSB).

The nearly 50-page cyber advisory comprehensively details how Russia’s FSB has been observed using this malware to exploit a range of businesses and governments in 50 countries across North America, South America, Europe, Africa, Asia, and Australia, including in the U.S. and Russia itself. The capabilities of Snake include a means to achieve a heightened level of stealth in its host components and network communications; internal technical architecture that allows for advanced interoperability; and careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity.

Within the U.S., education, small businesses, and media organizations, as well as critical infrastructure sectors including local government, finance, manufacturing, and communications have been victims of FSB cyber actors. All organizations are encouraged to review the mitigation and detection techniques in the advisory and follow their policies and incident response best practices to minimize risk to operations while hunting for Snake. Access the full advisory at CISA.