
Drovorub

Posted: August 14, 2020

The Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have released a joint report on a new malware family whose development and use are attributed to the Russian threat group tracked as APT28. The new implant is called Drovorub. It is believed to be used in sophisticated attacks against Linux-based systems – the malware can infiltrate a compromised host silently and then collect information or execute remote commands that give the attacker full control over the infected system.

Sofacy's Drovorub Malware may Have Targeted US Government Departments

APT28, also known as Fancy Bear or Sofacy, has been active for over a decade, and its activity is believed to be backed by the GRU, Russia's Main Intelligence Directorate. APT28's campaigns almost always benefit the Russian government in some way, and the Drovorub campaign is no different – however, the FBI and NSA report did not include details about the organizations that Drovorub targets, nor did it say anything about the malware's period of activity.

What the report did describe is Drovorub's feature set. The first and most significant point about this malware is that it targets Linux systems, which by itself marks it as an advanced and sophisticated project. Not only is it able to infect Linux devices, but it can also gain elevated privileges that allow it to carry out a wide range of tasks, such as:

  • Communicate with the remote C2 (Command-and-Control) server.
  • Receive commands to execute, and then return the output to the attacker's server.
  • Manipulate network traffic.
  • Spy on network traffic.
  • Avoid automatic detection tools.
  • Download and upload files.

According to the FBI and NSA's joint report, Drovorub is likely to threaten networks related to the Defense Industrial Base, Department of Defense and National Security Systems. Needless to say, this is a major security concern, and the likely targets should adopt the necessary mitigation measures to protect their networks.
