Drovorub

Drovorub (Russian: дроворуб, "woodcutter") is a software toolkit for developing malware for the Linux operating system. It was created by the 85th Main Special Service Center, a unit of the Russian GRU often referred to as APT28.[1][2]

Drovorub has a sophisticated modular architecture,[3] containing an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server.[2] Drovorub has been described as a "Swiss-army knife for hacking Linux".[4]

The U.S. government report that first identified Drovorub recommends the use of UEFI Secure Boot and Linux's native kernel module signing facility to resist Drovorub attacks.[5]
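The following is an added example, not taken from the U.S. government report: a shell check of whether the two recommended mitigations are active on a host. It assumes the standard efivarfs and sysfs paths shown, and it also counts kernel lockdown (integrity or confidentiality mode) as enforcing module signatures, because lockdown rejects unsigned modules even when sig_enforce reads N.

```shell
#!/bin/sh
# Default locations on a running Linux host; pass other paths to inspect saved copies.
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
SIG_PARAM=/sys/module/module/parameters/sig_enforce
LOCKDOWN=/sys/kernel/security/lockdown

# secure_boot_state [FILE] -> enabled | disabled | unknown
secure_boot_state() {
    f=${1:-$SB_VAR}
    [ -r "$f" ] || { echo unknown; return 0; }
    # efivarfs puts 4 attribute bytes before the data; byte 5 is the on/off flag.
    case "$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# module_sig_state [SIG_FILE] [LOCKDOWN_FILE] -> enforced | not-enforced | unknown
module_sig_state() {
    s=${1:-$SIG_PARAM}; l=${2:-$LOCKDOWN}
    sig=; mode=
    [ -r "$s" ] && sig=$(tr -d ' \n' < "$s")
    # The active lockdown mode is the bracketed word, e.g. "none [integrity] confidentiality".
    [ -r "$l" ] && mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$l")
    case "$sig:$mode" in
        Y:*|*:integrity|*:confidentiality) echo enforced ;;
        N:*) echo not-enforced ;;
        *) echo unknown ;;
    esac
}

# posture [SB_FILE] [SIG_FILE] [LOCKDOWN_FILE] -> "hardened" only when both controls are on
posture() {
    sb=$(secure_boot_state "$1"); ms=$(module_sig_state "$2" "$3")
    if [ "$sb" = enabled ] && [ "$ms" = enforced ]; then
        echo hardened
    else
        echo "exposed secure_boot=$sb module_signing=$ms"
    fi
}

posture   # report on the running host
```

An "unknown" result means the file was absent or unreadable, for example on a BIOS-booted machine or a kernel built without module signing support, and should be treated as not hardened.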

References

  1. "Drovorub Malware: Fact Sheet & FAQs" (PDF). nsa.gov. Retrieved 21 August 2020.
  2. "Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware" (PDF). media.defense.gov. August 2020. Retrieved 21 August 2020.
  3. Cimpanu, Catalin. "FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers". ZDNet. Retrieved 21 August 2020.
  4. Jerzewski, Matthew (20 August 2020). "Drovorub Malware - 'Taking systems to the wood chipper'". The State of Security. Retrieved 21 August 2020.
  5. "NSA and FBI expose Russian 'Drovorub' malware used to target Linux systems". www.computing.co.uk. 14 August 2020. Retrieved 21 August 2020.

