NSA and FBI release technical report on Drovorub malware

Posted date 17/08/2020

The NSA (National Security Agency) and the FBI (Federal Bureau of Investigation) have issued a joint advisory that documents a malware toolset called Drovorub.

This malware, of Russian origin and operated by the APT 28 group (also known as Fancy Bear or Strontium), is designed to compromise Linux systems and IoT devices as part of the group's cyber espionage operations against government offices, political parties and various defense departments.

The technical breakdown explains Drovorub's modus operandi, detailing its four executable components (agent, client, server and kernel module), and lists the mitigation measures that must be taken: update the Linux kernel to version 3.7 and configure the system to load only kernel modules that carry a valid digital signature.
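The two mitigations the advisory names can be verified on a host with a short POSIX shell script. The script below is an added example written for this page, not code from the NSA/FBI report: it checks that the running kernel is at least 3.7, reads the kernel's module-signature enforcement switch (the `sig_enforce` parameter exposed at `/sys/module/module/parameters/sig_enforce`, which is also settable at boot with `module.sig_enforce=1`), and checks the kernel taint flags for the "unsigned module loaded" bit (bit 13, value 8192). The paths and parameter names are standard Linux kernel interfaces; the exact kernel-version threshold comes from the page.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the Drovorub mitigations
# described above on the current host. Safe to run read-only as any user.

# Return 0 if a uname -r style string (e.g. "5.4.0-42-generic") is >= 3.7,
# the minimum version the advisory cites for module-signing support.
kernel_at_least_3_7() {
    major=${1%%.*}          # text before the first dot
    rest=${1#*.}            # text after the first dot
    minor=${rest%%[!0-9]*}  # leading digits only (drops ".0-42-generic")
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 7 ]; }; then
        return 0
    fi
    return 1
}

# Interpret the value of sig_enforce: "Y" (or 1) means the kernel refuses to
# load unsigned or badly signed modules; "N" means it merely taints and logs.
sig_enforce_enabled() {
    case "$1" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# Bit 13 of /proc/sys/kernel/tainted (value 8192, shown as the "E" flag)
# is set once an unsigned module has been loaded into this kernel.
unsigned_module_loaded() {
    [ $(( $1 & 8192 )) -ne 0 ]
}

report() {
    running=$(uname -r)
    if kernel_at_least_3_7 "$running"; then
        echo "kernel $running: OK (>= 3.7, module signing supported)"
    else
        echo "kernel $running: TOO OLD, update to 3.7 or later"
    fi

    sig_file=/sys/module/module/parameters/sig_enforce
    if [ -r "$sig_file" ]; then
        value=$(cat "$sig_file")
        if sig_enforce_enabled "$value"; then
            echo "module signature enforcement: ON (sig_enforce=$value)"
        else
            echo "module signature enforcement: OFF (sig_enforce=$value);" \
                 "boot with module.sig_enforce=1 or build with CONFIG_MODULE_SIG_FORCE=y"
        fi
    else
        echo "module signature enforcement: $sig_file not present" \
             "(kernel probably built without CONFIG_MODULE_SIG)"
    fi

    if [ -r /proc/cmdline ] && grep -q 'module\.sig_enforce=1' /proc/cmdline; then
        echo "boot command line: module.sig_enforce=1 present"
    fi

    if [ -r /proc/sys/kernel/tainted ]; then
        taint=$(cat /proc/sys/kernel/tainted)
        if unsigned_module_loaded "$taint"; then
            echo "taint flags $taint: an UNSIGNED module has been loaded; review lsmod"
        else
            echo "taint flags $taint: no unsigned-module taint recorded"
        fi
    fi
    return 0
}

report
```

Run it as `sh drovorub-check.sh`; a hardened host prints a kernel at or above 3.7, `sig_enforce=Y`, and no unsigned-module taint. Note that enforcement only blocks a module from being loaded; it does not remove one that was loaded before enforcement was turned on, which is why the taint check is included.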