Russian spies are using a new type of malicious software to break into Linux computer systems, the U.S. National Security Agency and FBI warned in a joint alert issued Thursday.
The NSA and FBI said the previously undisclosed strain of malware, “Drovorub,” is being deployed by a unit of the Russian military known by names including Fancy Bear and APT 28.
In a detailed, 45-page report, the agencies accused the hackers of using Drovorub as part of Russia’s espionage operations and offered advice to detect and mitigate infections.
“By deconstructing this capability and providing attribution, analysis and mitigations, we hope to empower our customers, partners and allies to take action,” said Anne Neuberger, NSA’s director of cybersecurity.
“For the FBI, one of our priorities in cyberspace is not only to impose risk and consequences on cyber adversaries but also to empower our private sector, governmental and international partners through the timely, proactive sharing of information,” added FBI Assistant Director Matt Gorham.
The joint alert described Drovorub as a powerful hacking tool designed to quietly take full control of Linux systems. National security and U.S. Department of Defense systems “pervasively” use Linux systems, the NSA noted.
Fancy Bear hackers have previously been accused of conducting several high-profile espionage campaigns attributed to Russia, notably including the campaign against the 2016 U.S. elections.
However, Russia has repeatedly denied those accusations, Russian state media noted Thursday. Moscow otherwise had no immediate reaction to the joint warning.
• Andrew Blake can be reached at ablake@washingtontimes.com.