×
Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by whitelisting our website.

NSA, FBI uncover undisclosed Russian Malware Drovorub deployed for espionage on linus systems

starconnect
starconnect
NSA, FBI burst Russian Melware, Drovorub deployed for espionage on Linus
President Vladimir Putin of Russia

Admin l Thursday, August 13, 2020

WASHINGTON, U.S – The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have released a new cybersecurity advisory about previously undisclosed Russian malware, Drovorub deployed for espionage.

In a statement, the NSA and FBI  said the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems as part of its cyber espionage operations.

Further details on Drovorub according to the agencies, which include detection techniques and mitigations can be found in the joint NSA and FBI Cybersecurity Advisory.

“This Cybersecurity Advisory represents an important dimension of our cybersecurity mission, the release of extensive, technical analysis on specific threats,” NSA Cybersecurity Director Anne Neuberger said. “By deconstructing this capability and providing attribution, analysis, and mitigations, we hope to empower our customers, partners, and allies to take action. Our deep partnership with FBI is reflected in our releasing this comprehensive guidance together.”

“For the FBI, one of our priorities in cyberspace is not only to impose risk and consequences on cyber adversaries but also to empower our private sector, governmental, and international partners through the timely, proactive sharing of information,” said FBI Assistant Director Matt Gorham. “This joint advisory with our partners at NSA is an outstanding example of just that type of sharing. We remain committed to sharing information that helps businesses and the public protect themselves from malicious cyber actors.”

Advertisement

Drovorub, according to them is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control (C2) server.

According to them, when deployed on a victim machine, Drovorub provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands; port forwarding of network traffic to other hosts on the network; and implements hiding techniques to evade detection.

Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise.

TAGGED: , , ,
Share this Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Be the first to get the news as soon as it breaks Yes!! I'm in Not Yet
Verified by MonsterInsights