FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers ZDNet
https://nu.federati.net/url/273947

>The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia's military hackers.
>
>The two agencies say Russian hackers used the malware, named Drovorub, was to plant backdoors inside hacked networks.
>
>Based on evidence the two agencies have collected, FBI and NSA officials claim the malware is the work of APT28 (Fancy Bear, Sednit), a codename given to the hackers operating out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main SpecialService Center (GTsSS).
>
>Through their joint alert, the two agencies hope to raise awareness in the US private and public sectors so IT administrators can quickly deploy detection rules and prevention measures.
>Drovorub — APT28's swiss-army knife for hacking Linux
>
>Per the two agencies, Drovorub is a multi-component system that comes with an implant, a kernel module rootkit, a file transfer tool, a port-forwarding module, and a command-and-control (C2) server.
>
>"Drovorub is a 'swiss-army knife' of capabilities that allows the attacker to perform many different functions, such as stealing files and remote controlling the victim's computer," McAfee CTO, Steve Grobman, told ZDNet in an email today.
>...