The FBI and the National Security Agency believe that the General Directorate of Russian Intelligence is behind the new virus Drovorub.
U.S. intelligence services have identified a previously unknown Russian malware tool used for hacking computers, code-named Drovorub. This was reported on Thursday, August 13, by the Federal Bureau of Investigation (FBI) and the U.S. National Security Agency (NSA).
According to the agencies, the Russian Intelligence Directorate used this hacking tool to break into computers running the Linux operating system.
“Linux systems are used pervasively throughout National Security Systems, the Department of Defense, and the Defense Industrial Base – as well as the larger cybersecurity community writ large,” explained Keppel Wood, chief operations officer in the NSA’s Cybersecurity Directorate, in an interview with Reuters.
“The malware has the potential to have a widespread impact if network defenders don’t take action against it.”
The FBI and NSA link Drovorub to a specific Russian intelligence group, military unit 26165 – the 85th Main Special Service Center (GTsSS). The US agencies said that the GTsSS is linked to the same hackers who hacked into the Democratic Party servers in 2016.
“Drovorub is a ‘Swiss Army knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote-controlling the victim’s computer,” says Steve Grobman, CTO at cybersecurity firm McAfee.
The 45-page NSA / FBI technical report is the latest in a series of public appeals by the US government aimed at Russian hacking operations ahead of the 2020 US presidential election. The agencies did not disclose which types of organizations were compromised by Drovorub.