Drovorub Malware Alert

by FBI Cyber Division | Other | 08/24/2020

The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, is deploying previously undisclosed malware for Linux® systems, called Drovorub, as part of its cyber espionage operations. GTsSS malicious cyber activity has previously been attributed by the private sector using the names Fancy Bear, APT28, Strontium, and a variety of other identifiers (Department of Justice, 2018) (Washington Post, 2018) (CrowdStrike, 2016). This publication provides background on Drovorub, attribution of its use to the GTsSS, detailed technical information on the Drovorub malware, guidance on how to detect Drovorub on infected systems, and mitigation recommendations. Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including its interference in the 2016 U.S. Presidential Election as described in the 2017 Intelligence Community Assessment, "Assessing Russian Activities and Intentions in Recent US Elections" (Office of the Director of National Intelligence, 2017).
