The malware is a kind of Swiss army knife. Using Drovorub, hackers can do many things like controlling the target’s systems and stealing data and personal files. Besides this, Drovorub is designed to work in stealth mode. It uses rootkit technologies to stay undetected. It allows hackers to deploy malware at different places and systems, which allows attack at any given instant. Regarding the cyberattacks issue, the US has always been a primary target for cybercriminals due to its sophisticated technology environment.
There’s no substantial evidence as to the motive behind this attack. However, experts believe that the purpose might be espionage or tampering the upcoming presidential elections. The joint report of FBI and NSA says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, is deploying previously undisclosed malware for Linux® systems, called Drovorub, as part of its cyberespionage operations. GTsSS malicious cyber activity has formerly been attributed by the private sector using the names Fancy Bear, APT28, Strontium, and various other identifiers.”
To stay safe, the agency has recommended US companies updating Linux systems to the latest update kernel version 3.7. “To prevent an order from being susceptible to Drovorub’s hiding and persistence, system administrators should upgrade to Linux Kernel 3.7 or later to take full advantage of kernel signing enforcement. Additionally, system owners are advised to configure systems to load only modules with a valid digital signature making it more difficult for an actor to introduce a malicious kernel module into the system,” says the US intelligence agencies’ report.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.