The US Cybersecurity and Infrastructure Security Agency (CISA) and other partners issued a joint advisory alerting organizations to a sophisticated cyber espionage tool called “Snake” that has been used by Russian cyber actors.
The advisory provides technical descriptions of the malware’s host architecture and network communications and includes recommendations for detecting and defending against the threat.
CISA has urged organizations to review the advisory and apply the recommended mitigation and detection measures.
Furthermore, the alert follows a joint cybersecurity advisory issued by the Canadian Centre for Cyber Security (Cyber Centre) and partners from the US, Australia, New Zealand, and the UK, which also warned of the global use of Snake by a malicious cyber actor to collect sensitive intelligence from high-priority targets such as government networks, research facilities, and journalists.
The purpose of the joint advisory is to raise awareness of the threat and provide prevention, detection, and mitigation advice to system owners and operators.
Additionally, this is not the first time that CISA has issued warnings about Russian state-sponsored cyber activity. The agency’s Russia Cyber Threat Overview and Advisories webpage contains information on the Russian hacking group APT29 and Russian state-sponsored cyber threats to critical infrastructure.
As cyber threats become more sophisticated, government agencies and cybersecurity experts continue to work together to provide timely warnings and mitigation advice to organizations to help them better protect their systems and networks from malicious cyber activity.