New malware dubbed Drovorub doing rounds say FBI and NSA

644

FBI and NSA have released a joint statement early this week saying that a newly devised Linux malware dubbed ‘Drovorub’ was doing rounds on the internet and the two law enforcement agencies estimate that the malware meant for the backdoor activities was developed to cause disruption of servers in federal agencies just before the 2020 US President Elections scheduled to be held on November 13th, 2020.

According to a 42-page Cybersecurity advisory released by FBI and NSA jointly, Drovorub has capabilities of establishing a direct connection of threat actors with remote servers and can execute commands like file uploads and downloads along port forwarding techniques to divert traffic to a remote location by conventionally evading detection.


The US Government believes that the newly devised malware was developed by noted Russian hacking group called Fancy Bear aka APT 28 that has a direct link with the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

As Linux Operating systems are used in most of the public and private organizations like Twitter, Military and whole of the Cybersecurity Community, the malware if launched has the potential to do unprecedented damage to the online world say experts.

NSA wants to thwart such attacks with wit and sophistication by empowering the pubic and the private firms with awareness related to the cyber threats and sharing of mitigation tools on such malware spread campaigns.

Implementing SecureBoot in ‘full’ or thorough mode can help prevent attacks on the kernel modules as it helps in blocking the loading of Drovorub via Kernel Module say experts from the Federal Bureau of Investigation (FBI).