The United States on Thursday published information on Drovorub, a previously undisclosed piece of malware that Russia-linked cyber-spies are using in attacks targeting Linux systems.
According to a joint advisory from the NSA and the FBI, Drovorub is being used by the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center, military unit 26165, better known as the cyber-espionage group APT 28.
The NSA and the FBI, which provide full technical details on the Drovorub malware, say that systems running Linux kernel version 3.7 or lower are exposed because they lack adequate kernel signing enforcement.
The advisory also notes that Drovorub cannot achieve persistence on systems where UEFI Secure Boot is enabled in "Full" or "Thorough" mode, which ensures that only signed kernel modules are loaded.
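The two conditions above (a kernel at or above 3.7 so signature enforcement is available, and Secure Boot so only signed modules load) are things an administrator can verify locally. The script below is an added example and is not code from the NSA/FBI advisory or from this article; it reads only standard sysfs and efivars locations (`/sys/module/module/parameters/sig_enforce` and the `SecureBoot` EFI variable) and never changes anything. The function names are my own, and the byte values used in the usage notes are constructed test input.

```shell
#!/bin/sh
# Added example, not from the advisory or the article: read-only checks for
# the hardening points the advisory ties to Drovorub's persistence.
# Paths are standard Linux locations; function names are this example's own.

# kernel_version_ok VERSION -> "yes" if major.minor is 3.7 or later, else "no".
# Accepts a full `uname -r` string such as 5.4.0-91-generic or 3.10.0-1160.el7.
kernel_version_ok() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    case "$major" in ''|*[!0-9]*) echo no; return 0 ;; esac
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 7 ]; }; then
        echo yes
    else
        echo no
    fi
}

# sig_enforce_ok VALUE -> "yes" when the running kernel refuses unsigned modules.
# VALUE is the content of /sys/module/module/parameters/sig_enforce ("Y" or "N").
sig_enforce_ok() {
    case "$1" in
        Y*) echo yes ;;
        *)  echo no ;;
    esac
}

# secure_boot_state FILE -> "enabled", "disabled" or "unknown".
# FILE is the SecureBoot efivar: 4 bytes of attribute flags followed by one
# data byte (1 = Secure Boot enabled, 0 = disabled).
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    byte=$(od -An -t u1 -j 4 -N 1 "$1" 2>/dev/null | tr -d ' ')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# check_system -> one line per check for the host this runs on; always exits 0
# so it can be dropped into a larger audit script.
check_system() {
    kver=$(uname -r)
    printf 'kernel %s: signing enforcement available: %s\n' \
        "$kver" "$(kernel_version_ok "$kver")"
    if [ -r /sys/module/module/parameters/sig_enforce ]; then
        printf 'module.sig_enforce: %s\n' \
            "$(sig_enforce_ok "$(cat /sys/module/module/parameters/sig_enforce)")"
    else
        echo 'module.sig_enforce: unknown (parameter not exposed on this kernel)'
    fi
    printf 'UEFI Secure Boot: %s\n' \
        "$(secure_boot_state /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c)"
    return 0
}

check_system
```

On a BIOS-booted or non-EFI host the efivars file is absent and the Secure Boot line reports `unknown`, which is itself a finding: the advisory's Secure Boot mitigation is not in effect there. The kernel-version check only tells you signature enforcement is available; `module.sig_enforce` tells you whether it is actually turned on.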
"Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise," the agencies warned.