Linux Hacked: Russians Insert 'Drovorub' Malware on Linux Computers That Interferes US Election, Reveal FBI and NSA

Jamie P., Tech Times 14 August 2020, 01:08 am

Here's a warning to all Linux users. The United States Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) revealed in a report that they found a hidden malware lurking on the Linux-based computers. Both agencies point their fingers on Russian hackers. What can this 'Fancy Bear' malware do and how to prevent being a victim of one?

Warning: Russian hackers are back!

(Photo : Photo by Kevin Horvat on Unsplash )
Linux Hacked: Russian Hackers Insert 'Fancy Bear' Malware on Linux Computers, Reveal FBI and NSA

As reported via Reuters, on Thursday, Aug. 13, the FBI and NSA told the media that a sophisticated Russian hacking tool was recently found on Linux-based computers.

According to their report, Russia's Main Intelligence Directorate, known as the GRU, was using a hacking tool codenamed "Drovorub." They claim that it is the work of the APT28 (Fancy Bear, Sednit), a codename normally given to the hackers operating out of the Russian military group.

Linux is an open-source operating system that is normally used for web-serving, databases, or computing. It is a close competitor of Microsoft.

"Linux systems are used pervasively throughout National Security Systems, the Department of Defense, and the Defense Industrial Base - as well as the larger cybersecurity community writ large," Keppel Wood, chief operations officer in the NSA's Cybersecurity Directorate, told Reuters. "The malware has the potential to have a widespread impact if network defenders don't take action against it."

Through the warning, both security agencies said that private companies should be alert and raise awareness, especially if they use the software.

What is 'Drovorub' malware

(Photo : Photo by Michael Dziedzic on Unsplash)
Linux Hacked: Russian Hackers Insert 'Fancy Bear' Malware on Linux Computers, Reveal FBI and NSA

As further explained by McAfee CTO, Steve Grobman via ZDNet, 'Drovorub' is a Linux malware toolset that inserts a 'kernel module rootkit' on the system of a computer.

This implant does an automatic file transfer and port forwarding tool. Technically, it means that hackers can easily control and access a computer once the malware is inside the system.

"In addition to Drovorub's multiple capabilities, it is designed for stealth by utilizing advanced 'rootkit' technologies that make detection difficult," the McAfee exec added. "The element of stealth allows the operatives to implant the malware in many different types of targets, enabling an attack at any time."

The Russian GRU has not yet commented on the issue. However, here's another expose from the McAfee expert. He warned that the Drovorub could pose a threat for espionage or worse, election interference in the country.