Drovorub Malware Alert

by FBI Cyber Division | Other | 08/24/2020

The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, is deploying previously undisclosed malware for Linux® systems, called Drovorub, as part of its cyber espionage operations. GTsSS malicious cyber activity has previously been attributed by the private sector using the names Fancy Bear, APT28, Strontium, and a variety of other identifiers. (Department of Justice, 2018) (Washington Post, 2018) (CrowdStrike, 2016) This publication provides background on Drovorub, attribution of its use to the GTsSS, detailed technical information on the Drovorub malware, guidance on how to detect Drovorub on infected systems, and mitigation recommendations. Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including its interference in the 2016 U.S. Presidential Election as described in the 2017 Intelligence Community Assessment, Assessing Russian Activities and Intentions in Recent US Elections (Office of the Director of National Intelligence, 2017).
