NSA and FBI release technical report on Drovorub malware
The NSA (National Security Agency) and the FBI (Federal Bureau of Investigation) have issued a joint statement detailing a piece of malware called Drovorub.
This malware, of Russian origin and operated by the APT 28 group (also known as Fancy Bear or Strontium), is designed to attack Linux systems and IoT devices as part of the group's cyber espionage operations against government offices, political parties and various defense departments.
The technical breakdown explains Drovorub's modus operandi, detailing its four executable components (agent, client, server and kernel module), as well as the mitigation measures that must be taken (update the Linux kernel to version 3.7 and configure the system to only load modules with a valid digital signature).
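The two mitigations above can be checked on a host with a short script. This is an added example, not code from the advisory: the function names are hypothetical, and it assumes the kernel build config is available at /boot/config-<release>, which varies by distribution.

```shell
#!/bin/sh
# Added example: audit a Linux host for the two mitigations named above.
# Function names are hypothetical; they are not taken from the advisory.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (uname -r format) is >= MAJOR.MINOR, 1 if older,
# 2 if it cannot be parsed. Compares numerically, so 3.10 ranks above 3.7.
kernel_at_least() {
    _v=${1%%[!0-9.]*}            # "3.10.0-1160.el7" -> "3.10.0"
    _maj=${_v%%.*}
    _rest=${_v#*.}
    _min=${_rest%%.*}
    [ -n "$_maj" ] && [ -n "$_min" ] && [ "$_rest" != "$_v" ] || return 2
    [ "$_maj" -gt "$2" ] || { [ "$_maj" -eq "$2" ] && [ "$_min" -ge "$3" ]; }
}

# sig_enforced SYSFS_VALUE CONFIG_TEXT
# Returns 0 if unsigned modules are rejected: either the runtime flag reads Y
# or the kernel was built with CONFIG_MODULE_SIG_FORCE=y.
sig_enforced() {
    [ "$1" = Y ] && return 0
    printf '%s\n' "$2" | grep -q '^CONFIG_MODULE_SIG_FORCE=y$'
}

# Live check. Assumption: the build config is at /boot/config-<release>,
# which is distribution-dependent; a missing file counts as "not detected".
audit_host() {
    _rel=$(uname -r)
    _sysfs=$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null || true)
    _config=$(cat "/boot/config-$_rel" 2>/dev/null || true)
    if kernel_at_least "$_rel" 3 7; then
        echo "kernel $_rel: 3.7 or newer"
    else
        echo "kernel $_rel: older than 3.7 (or unparsed)"
    fi
    if sig_enforced "$_sysfs" "$_config"; then
        echo "module signature enforcement: on"
    else
        echo "module signature enforcement: not detected"
    fi
}

audit_host
```

A "not detected" result means only that neither indicator was found; confirm against the distribution's own kernel configuration before treating the host as unprotected.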
- 13/08/2020 nsa.gov NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory
- 13/08/2020 fbi.gov NSA and FBI Expose Russian Previously Undisclosed Malware Drovorub in Cybersecurity Advisory
- 13/08/2020 zdnet.com FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
- 13/08/2020 hipertextual.com La NSA y el FBI revelan Drovorub, un nuevo malware creado por Rusia para realizar ciberataques