Advisory Type: IT Security
Severity: High
PDS is providing the following communication to build awareness of a high-priority risk to Linux systems from the Drovorub malware. On August 13, 2020, the NSA and FBI released a joint cybersecurity advisory detailing a previously undisclosed malware toolset named “Drovorub” that targets Linux systems. The advisory attributes Drovorub to the Russian GRU (Russian military intelligence), specifically its 85th Main Special Service Center (GTsSS), military unit 26165, the group publicly tracked as APT28, Strontium, and Fancy Bear.

Drovorub is a toolset made up of a kernel-module rootkit, a client implant with file transfer and port forwarding capabilities, and the agent and server components it uses to communicate with attacker-controlled Command-and-Control (C2) infrastructure. One significant risk factor is that the kernel module hides its own presence and the implant's artifacts from user-space tools, so enterprise detection and mitigation products running on the host can report a compromised system as clean. The NSA and FBI publications state plainly that Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base organizations that run Linux.
Recommended upgrades: Upgrade Linux kernels to version 3.7 or newer, and configure them to load only kernel modules carrying a valid digital signature, enabling UEFI Secure Boot where the platform supports it. Kernel 3.7 is the first release with kernel module signature verification, which is why the NSA and FBI set it as the minimum; the Drovorub kernel module is unsigned, so a kernel that refuses unsigned modules cannot load the rootkit on which the malware's hiding and persistence depend. The version upgrade alone is not the mitigation: a 3.7 or newer kernel with signature enforcement switched off still loads unsigned modules.
We strongly advise customers to review the Cybersecurity Advisory and upgrade their environments. PDS Architects are available to assist with the upgrades; your Account Director can arrange this upgrade support.
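To check whether a host actually meets the recommendation above, here is an added example written for this notice (it is not code from the NSA/FBI publications or from PDS): a POSIX shell script that reports the running kernel version against the 3.7 floor, whether kernel module signature enforcement is on, whether further module loading has been locked out, and the UEFI Secure Boot state. It assumes the stock sysfs, procfs and efivars paths; the verdict wording (yes/no, enforced, enabled, and so on) is the script's own.

```shell
#!/bin/sh
# Added example for this advisory (not code from the NSA/FBI publications or PDS):
# a read-only check of the conditions the kernel-upgrade recommendation relies on.
# Assumptions: kernel 3.7 is where module signature verification (CONFIG_MODULE_SIG)
# first shipped; the /sys, /proc and efivars paths below are the stock kernel
# interfaces; the verdict strings printed here are this script's own convention.

# version_ge CURRENT REQUIRED: prints "yes" if CURRENT >= REQUIRED, comparing
# major.minor only. Accepts uname -r strings such as "5.15.0-91-generic".
version_ge() {
    cur_major=${1%%.*}
    case "$1" in *.*) cur_rest=${1#*.}; cur_minor=${cur_rest%%.*} ;; *) cur_minor=0 ;; esac
    req_major=${2%%.*}
    case "$2" in *.*) req_rest=${2#*.}; req_minor=${req_rest%%.*} ;; *) req_minor=0 ;; esac
    # drop any non-numeric tail such as "-rc1" so the arithmetic tests stay valid
    cur_major=${cur_major%%[!0-9]*}; cur_minor=${cur_minor%%[!0-9]*}
    req_major=${req_major%%[!0-9]*}; req_minor=${req_minor%%[!0-9]*}
    if [ "${cur_major:-0}" -gt "${req_major:-0}" ] ||
       { [ "${cur_major:-0}" -eq "${req_major:-0}" ] && [ "${cur_minor:-0}" -ge "${req_minor:-0}" ]; }; then
        echo yes
    else
        echo no
    fi
}

# sig_enforce_state FILE: FILE is normally /sys/module/module/parameters/sig_enforce.
# "Y" means the kernel rejects unsigned or badly signed modules; the file is absent
# when the kernel was built without CONFIG_MODULE_SIG at all.
sig_enforce_state() {
    [ -r "$1" ] || { echo unsupported; return 0; }
    read -r v < "$1" || :
    case "$v" in
        Y) echo enforced ;;
        N) echo not-enforced ;;
        *) echo unknown ;;
    esac
}

# modules_disabled_state FILE: FILE is normally /proc/sys/kernel/modules_disabled;
# "1" means no further modules can be loaded until reboot (a complementary lockdown).
modules_disabled_state() {
    [ -r "$1" ] || { echo unsupported; return 0; }
    read -r v < "$1" || :
    if [ "$v" = 1 ]; then echo disabled; else echo allowed; fi
}

# secure_boot_state FILE: FILE is the SecureBoot EFI variable exposed by efivarfs.
# The first four bytes are the variable attributes; the fifth is the 0/1 flag.
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    flag=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')
    case "$flag" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Report for the running host using the real kernel interfaces.
drovorub_hardening_report() {
    kver=$(uname -r)
    printf 'kernel %s >= 3.7:              %s\n' "$kver" "$(version_ge "$kver" 3.7)"
    printf 'module signature enforcement: %s\n' "$(sig_enforce_state /sys/module/module/parameters/sig_enforce)"
    printf 'further module loading:       %s\n' "$(modules_disabled_state /proc/sys/kernel/modules_disabled)"
    printf 'UEFI Secure Boot:             %s\n' "$(secure_boot_state /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c)"
}

drovorub_hardening_report
```

Read the report as a whole rather than the version line alone: a kernel newer than 3.7 that reports "not-enforced" will still load an unsigned module. On distribution kernels, booting with Secure Boot typically switches sig_enforce on through kernel lockdown even when CONFIG_MODULE_SIG_FORCE was not compiled in; on other systems it can be turned on at runtime with `echo 1 > /sys/module/module/parameters/sig_enforce` (the parameter can only be enabled, never cleared, until reboot), and "unsupported" means the kernel must be rebuilt, or replaced with a distribution kernel, that has CONFIG_MODULE_SIG.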
NSA & FBI Cybersecurity Advisory – Drovorub Malware
NSA & FBI Drovorub Malware – Fact Sheet