FBI Disrupts Operation of Cyber Espionage Unit Run by Russian Government

The U.S. government on May 9 revealed that the FBI had carried out an operation that disrupted the work of the Turla group, a cyber espionage unit run by Russia’s Federal Security Service. The operation, dubbed “Medusa,” was enabled by the issuance of a court authority based on Rule 41 of the Federal Rules of Criminal Procedure, which allowed the FBI to hack into multiple computers following the issuance of a single warrant.

Also known as waterbug and venomous bear, Turla had been using the Snake malware since 2004 and continuously updated it to steal sensitive documents from computers in at least 50 countries. The actor used a covert network of compromised computers to exfiltrate the stolen materials, CyberScoop reported.

Attorney General Merrick Garland said in a statement that the U.S. will continue to strengthen its defenses against the destabilizing efforts of the Russian government, which has used a global network of malware-infected computers for cyber espionage. The FBI has identified 19 IP addresses in the U.S. that were infected with the Snake malware but the agency declined to reveal the total number of U.S.-based computers that have been infected by the malware.