<a href="https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF" rel="nofollow">https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOI...</a> has some interesting technical details.<p>Good to see the bad guys also make bits-vs-bytes mistakes, with their 128 bit Diffie-Hellman key. But it's puzzling why they'd be using OpenSSL, it's not the easiest software to embed. I guess they don't have to worry about the advertising license clause!