
NSA and FBI Expose Previously Undisclosed Russian Malware “Drovorub” in Cybersecurity Advisory
Release No: PA-001-20, Aug. 13, 2020
Aug 25, 2020 - 1:40:00 PM


Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware Cybersecurity Advisory

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a new Cybersecurity Advisory about previously undisclosed Russian malware.

The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems, as part of its cyber espionage operations. Further details on Drovorub, including detection techniques and mitigations, can be found in the joint NSA and FBI Cybersecurity Advisory.

"This Cybersecurity Advisory represents an important dimension of our cybersecurity mission, the release of extensive, technical analysis on specific threats," NSA Cybersecurity Director Anne Neuberger said. "By deconstructing this capability and providing attribution, analysis, and mitigations, we hope to empower our customers, partners, and allies to take action. Our deep partnership with FBI is reflected in our releasing this comprehensive guidance together."

“For the FBI, one of our priorities in cyberspace is not only to impose risk and consequences on cyber adversaries but also to empower our private sector, governmental, and international partners through the timely, proactive sharing of information,” said FBI Assistant Director Matt Gorham. “This joint advisory with our partners at NSA is an outstanding example of just that type of sharing. We remain committed to sharing information that helps businesses and the public protect themselves from malicious cyber actors.”

Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control (C2) server. When deployed on a victim machine, Drovorub provides direct communications with actor-controlled C2 infrastructure, file download and upload, execution of arbitrary commands, and port forwarding of network traffic to other hosts on the network, and it implements hiding techniques to evade detection.

Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise.
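The advisory's own detection guidance is not reproduced in this release, but one generic check defenders use against any kernel-module rootkit that hides itself is to cross-reference the module views the kernel exposes: a loaded module normally appears both in /proc/modules and as a directory under /sys/module with an initstate file (built-in modules have a /sys/module entry but no initstate). The script below is an added example, not code from the NSA/FBI advisory or from Drovorub analysis; the sample listings and the module name hidden_example are constructed, and the live-collection helper assumes a standard Linux sysfs layout.

```python
#!/usr/bin/env python3
"""Cross-check kernel module listings to flag a loadable module that is
visible in /sys/module but missing from /proc/modules (the lsmod view).
Added, generic hidden-module check; not from the advisory."""
import os

# Constructed sample of /proc/modules: the hidden module is absent here.
PROC_MODULES_SAMPLE = """\
ext4 749568 1 - Live 0x0000000000000000
e1000 167936 0 - Live 0x0000000000000000
"""

# Constructed sample of /sys/module: name -> whether an initstate file exists.
# True means a loadable module (should also be in /proc/modules);
# False means built-in (legitimately absent from /proc/modules).
SYS_MODULE_SAMPLE = {
    "ext4": True,
    "e1000": True,
    "xz_dec": False,          # built-in, expected to be missing from /proc/modules
    "hidden_example": True,   # constructed name standing in for a self-hiding module
}


def parse_proc_modules(text):
    """Return the set of module names from /proc/modules text (first column)."""
    names = set()
    for line in text.splitlines():
        parts = line.split()
        if parts:
            names.add(parts[0])
    return names


def find_hidden_modules(proc_text, sys_modules):
    """Loadable modules present in sysfs but absent from /proc/modules."""
    listed = parse_proc_modules(proc_text)
    return sorted(name for name, loadable in sys_modules.items()
                  if loadable and name not in listed)


def collect_live_sys_modules(root="/sys/module"):
    """Build the name -> has_initstate mapping from a live system."""
    result = {}
    try:
        for name in os.listdir(root):
            result[name] = os.path.exists(os.path.join(root, name, "initstate"))
    except OSError:
        pass  # not on Linux, or sysfs not mounted; caller gets an empty map
    return result


def main():
    # Demonstrate on the constructed sample first.
    print("sample check:", find_hidden_modules(PROC_MODULES_SAMPLE, SYS_MODULE_SAMPLE))
    # Then on the live host, if the files exist.
    try:
        with open("/proc/modules") as fh:
            live = find_hidden_modules(fh.read(), collect_live_sys_modules())
        print("live check:", live or "no discrepancies")
    except OSError:
        print("live check skipped: /proc/modules not readable")


if __name__ == "__main__":
    main()
```

A discrepancy is a lead, not proof: a rootkit with kernel privileges can tamper with sysfs as well, so a clean result does not rule out compromise, and the comparison is best run from a trusted environment (for example against a memory image) rather than only on the suspect host.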

Source:Ocnus.net 2020
