FBI and NSA reveal a new Linux malware used by Russian state hackers called Drovorub

When the NSA and FBI said that they were seeing increased activity from Russian state hackers, aimed at the research and development of the Coronavirus vaccine and at getting access to insider details, we knew that something was not right. However, the Russian side, as well as others, denied the allegations, saying that they reject all such accusations against them. But the FBI and NSA are responsible agencies, which means they will not just say they have seen activity without having proof and confirmation of the same.

Now that confirmation has come: reports say that the FBI and NSA have proof of a new type of Linux malware that Russian state hackers are using to get inside their targets. The FBI and NSA have released a joint security alert that reveals this Linux malware, called Drovorub. The FBI and NSA also claim that this Linux malware was “developed and deployed in real-world attacks by Russia’s military hackers”.

The main purpose of this Linux malware is to “plant backdoors inside hacked networks.” They add that this malware was created by “APT28 (Fancy Bear, Sednit), a codename given to the hackers operating out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS)”.

The joint security alert was released to make companies aware of such malware, in the hope that it will increase security inside organizations so that such things can be avoided in the future. The statement reads that “Drovorub is a ‘swiss-army-knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote controlling the victim’s computer”. Basically, it goes on to reveal that the malware is quite powerful and can be used for a lot of things.