Russia is said to be using Linux malware to undermine US national security.
The FBI and the NSA have just published a joint report that warns at length about malware built for Linux. According to the report, Russia is using this software to stealthily infiltrate sensitive networks, steal confidential information and execute malicious commands. The report is unusually precise, and describes the Drovorub malware as a toolkit that had so far gone completely unnoticed.
Discreet and powerful
This software is said to be run by the GRU, the Russian military intelligence agency that has been linked to more than a decade of brazen campaigns, many of which have inflicted severe damage on US national security.
Here is what NSA and FBI officials wrote in this report: “The information in this cybersecurity advisory is being publicly disclosed to help the owners of the national security system and the public to counter the capabilities of the GRU, an organization that continues to threaten the United States and allies of the United States as part of its dishonest behavior, including their interference in the 2016 US presidential election, as described by the 2017 Intelligence Community Assessment, which assesses Russia’s activities and intentions in the recent US elections (Office of the Director of National Intelligence, 2017)”.
The Drovorub software has four main components: a client that infects Linux devices; a kernel module that uses rootkit techniques (methods whose purpose is to obtain and keep usually unauthorized access to a computer as stealthily as possible) to gain persistence and hide the implant's presence from the operating system; a server that stores the stolen data; and an agent, deployed on compromised servers, that relays traffic between infected machines and the server.
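A rootkit kernel module of the kind described above typically unlinks itself from the kernel's module list, so it disappears from /proc/modules and lsmod while its sysfs directory under /sys/module usually remains. The following script is an added example, not code from the article or from the NSA/FBI advisory, showing that generic check: it compares the two views and reports loadable modules that sysfs knows about but /proc/modules does not. The sample /proc/modules text and sysfs listing are constructed for illustration; only the loaded-module filter (presence of an initstate entry, which built-in modules lack) is a real kernel property.

```python
"""Generic hidden-kernel-module check: /proc/modules versus /sys/module.

Added example for this article; it is not Drovorub-specific and assumes
only that a rootkit hides from the module list but not from sysfs.
"""
import os
from typing import Dict, Iterable, Set


def parse_proc_modules(text: str) -> Set[str]:
    """Return module names from /proc/modules content (first column per line)."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if fields:
            names.add(fields[0])
    return names


def loaded_sysfs_modules(sysfs_entries: Dict[str, Iterable[str]]) -> Set[str]:
    """Keep only /sys/module entries that represent loaded modules.

    sysfs_entries maps a module directory name to the names of the files it
    contains; loadable modules expose an 'initstate' file, built-ins do not.
    """
    return {name for name, files in sysfs_entries.items() if "initstate" in files}


def hidden_modules(proc_text: str, sysfs_entries: Dict[str, Iterable[str]]) -> Set[str]:
    """Loaded modules visible in sysfs but missing from /proc/modules."""
    return loaded_sysfs_modules(sysfs_entries) - parse_proc_modules(proc_text)


def collect_from_host() -> Set[str]:
    """Run the same comparison against the live system (Linux only)."""
    with open("/proc/modules", encoding="utf-8") as fh:
        proc_text = fh.read()
    entries = {}
    for name in os.listdir("/sys/module"):
        try:
            entries[name] = os.listdir(os.path.join("/sys/module", name))
        except OSError:
            continue
    return hidden_modules(proc_text, entries)


# Constructed sample data: two ordinary modules plus one ("hidden_lkm") that
# has been unlinked from the module list, and one built-in entry.
SAMPLE_PROC_MODULES = (
    "ext4 745472 1 - Live 0x0000000000000000\n"
    "xfs 1232896 0 - Live 0x0000000000000000\n"
)
SAMPLE_SYSFS = {
    "ext4": ["initstate", "refcnt", "sections"],
    "xfs": ["initstate", "refcnt", "sections"],
    "hidden_lkm": ["initstate", "refcnt", "sections"],
    "printk": ["parameters"],  # built-in: no initstate, must not be flagged
}

if __name__ == "__main__":
    flagged = hidden_modules(SAMPLE_PROC_MODULES, SAMPLE_SYSFS)
    print("sample data, suspicious modules:", sorted(flagged))
    if os.path.isdir("/sys/module"):
        print("this host, suspicious modules:", sorted(collect_from_host()))
```

A hit from this check is a lead, not proof: a kernel module can hook sysfs as well, and some distributions ship module-related sysfs directories that warrant manual confirmation, so treat any name it reports as a starting point for offline verification of the host.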