Security News > 2020 > August > FBI, NSA Share Details on New 'Drovorub' Linux Malware Used by Russia
The United States on Thursday published information on Drovorub, a previously undisclosed piece of malware that Russia-linked cyber-spies are using in attacks targeting Linux systems.
Drovorub, a joint advisory from the NSA and the FBI reveals, is being employed by the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center military unit 26165, which is better known as the cyber-espionage group APT 28.
The NSA and the FBI, which provide full technical details on the Drovorub malware, say that systems running Linux kernel versions of 3.7 or lower are exposed, due to the lack of adequate kernel signing enforcement.
The advisory also reveals that Drovorub cannot achieve persistence on systems where the UEFI secure boot is enabled in "Full" or "Thorough" mode, thus ensuring that signed kernel modules are being loaded.
"Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise," the agencies warned.
News URL
Related news
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- FBI: Free file converter sites and tools deliver malware (source)
- Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters (source)
- FBI warnings are true—fake file converters do push malware (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)