The Drovorub Mystery: Malware NSA Warned About Can't Be Found
A piece of malware that U.S. intelligence agencies have linked to hackers believed to be backed by the Russian government remains a mystery to the private sector, which apparently hasn't found a single sample of it. One researcher went as far as suggesting that it may be a false flag set up by the United States itself.
In August 2020, the NSA and the FBI released a joint cybersecurity advisory detailing a piece of malware they named Drovorub.
The 45-page report released by the NSA and FBI describes Drovorub as a "Linux malware toolset" that consists of an implant with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server.
The advisory shares information on how Drovorub works, how it can be detected, and how organizations can protect their systems against attacks involving the malware.
In November, French industrial giant Schneider Electric issued an advisory to warn customers about the potential threat posed by Drovorub to some of its products. However, the company told SecurityWeek at the time that it hadn't been aware of any actual incident involving the malware; its alert was issued based on the information from the NSA advisory.
No one in the private sector appears to have seen Drovorub attacks, or samples of the malware.