U.S. officials said on Tuesday they've taken down a global network of compromised computers that Russian intelligence agents used for nearly 20 years to spy on the United States and its allies.
Officials said a unit within Russia's Federal Security Service, or FSB, used a malicious software called Snake to steal sensitive documents from hundreds of compromised computer networks in at least 50 countries.
The hacked computers belonged to NATO member governments, journalists and other targets of interest to the Russian government, officials said.
Snake-infected computers in the United States and around the world served as conduits for funneling the stolen data back to Russia.
The Justice Department called Snake the "FSB's premiere cyberespionage malware implant."
"The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies," Attorney General Merrick Garland said in a statement. "We will continue to strengthen our collective defenses against the Russian regime's destabilizing efforts to undermine the security of the United States and our allies."
The FBI dismantled the Snake network with a court-approved operation dubbed MEDUSA, the Justice Department said.
The operation disabled the Snake malware on compromised computers with an FBI-created tool named PERSEUS.
The bureau is working with authorities in other countries to notify other victims of Snake infections, officials said.
The FBI has been tracking Snake and related malware tools for nearly two decades, developing the ability to decrypt and decode Snake communications.
Deputy Attorney General Lisa Monaco said the takedown "has neutralized one of Russia's most sophisticated cyber-espionage tools, used for two decades to advance Russia's authoritarian objectives."
"By combining this action with the release of the information victims need to protect themselves, the Justice Department continues to put victims at the center of our cybercrime work and take the fight to malicious cyber actors," Monaco said in a statement.
Court documents released on Tuesday detailed how the FSB unit, known as Turla, deployed Snake from a known FSB facility in Ryazan, Russia, to conduct daily espionage operations.
The unit has repeatedly upgraded and revised the malware to ensure it remains "Turla's most sophisticated long-term cyberespionage malware implant," the Justice Department said.