Security News

FBI, NSA Share Details on New 'Drovorub' Linux Malware Used by Russia
2020-08-14 10:05

The United States on Thursday published information on Drovorub, a previously undisclosed piece of malware that Russia-linked cyber-spies are using in attacks targeting Linux systems. Drovorub, a joint advisory from the NSA and the FBI reveals, is being employed by the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center military unit 26165, which is better known as the cyber-espionage group APT 28.

This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit
2020-08-13 23:48

The NSA and FBI are sounding the alarm over a dangerous new strain of Linux malware being employed by Russian government hackers often dubbed the Fancy Bear crew. Uncle Sam explicitly said on Thursday the miscreants - formally known as the 85th Main Special Service Center - operate within the Russian intelligence directorate, aka the GRU. The software nasty in question is Drovorub, a rootkit designed to infect Linux systems, take control of them, and siphon off files.

NSA, FBI Warn of Linux Malware Used in Espionage Attacks
2020-08-13 22:03

According to a Thursday advisory by the National Security Agency and the Federal Bureau of Investigation, the malware especially represents a threat to national security systems such as the Department of Defense and Defense Industrial Base customers that use Linux systems. "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control server," according to a 45-page deep-dive analysis of the malware published Thursday [PDF] by the FBI and NSA. "When deployed on a victim machine, the Drovorub implant provides the capability for direct communications with actor controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network."

FBI announcement on Windows 7 end of life prompts worry from security experts
2020-08-06 12:47

Security experts detailed a litany of concerns following an announcement on Monday from the Federal Bureau of Investigation about the official end of life for Windows 7. "As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target," the FBI notice said.

How the FBI Identified Twitter Hackers
2020-08-03 11:07

Court documents made public last week by U.S. authorities following the announcement of charges against three individuals allegedly involved in the recent Twitter attack revealed how some of the hackers were identified by investigators. According to court documents, a user with the online moniker Kirk#5270 on the chat service Discord claimed to work for Twitter and offered to provide access to any user account.

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
2020-07-31 06:47

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens and its member states. The six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals.

FBI Warns of NetWalker Ransomware Targeting Businesses
2020-07-30 12:43

The Federal Bureau of Investigation this week released an alert to warn businesses of ongoing cyberattacks involving the NetWalker ransomware. "As of June 2020, the FBI has received notifications of NetWalker ransomware attacks on U.S. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors," the FBI's alert reads.

FBI Issues Alert on Use of Chinese Tax Software
2020-07-27 12:37

The Federal Bureau of Investigation has issued an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software. Weeks later, Trustwave published information on another piece of malware deployed through mandatory tax software onto the networks of organizations doing business in China.

Your 2.3m Instagram fans won't stop the FBI... Web star accused of plotting to launder millions from cyber-crime
2020-07-06 22:35

An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. Abbas allegedly ran so-called business email compromise scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient.

Your 2.3m Instagram followers won't stop the FBI... Web star accused of laundering $100m+ pocketed from cyber-crime
2020-07-06 22:35

An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. Abbas allegedly ran so-called business email compromise scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient.