Linux Hacked: Russians Insert 'Drovorub' Malware on Linux Computers That Interferes With US Election, Reveal FBI and NSA

Here's a warning to all Linux users. The United States Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) revealed in a report that they found hidden malware lurking on Linux-based computers. Both agencies point the finger at Russian hackers. What can this malware, attributed to 'Fancy Bear', do, and how can you avoid becoming a victim?

Warning: Russian hackers are back!


As reported by Reuters, on Thursday, Aug. 13, the FBI and NSA told the media that a sophisticated Russian hacking tool was recently found on Linux-based computers.

According to their report, Russia's Main Intelligence Directorate, known as the GRU, was using a hacking tool codenamed "Drovorub." They claim that it is the work of APT28 (Fancy Bear, Sednit), a codename normally given to the hackers operating out of the Russian military group.

Linux is an open-source operating system that is normally used for web serving, databases, or computing. It is a close competitor of Microsoft's Windows.

"Linux systems are used pervasively throughout National Security Systems, the Department of Defense, and the Defense Industrial Base - as well as the larger cybersecurity community writ large," Keppel Wood, chief operations officer in the NSA's Cybersecurity Directorate, told Reuters. "The malware has the potential to have a widespread impact if network defenders don't take action against it."

Through the warning, both security agencies said that private companies should be alert and raise awareness, especially if they use the software.

What is 'Drovorub' malware?


As McAfee CTO Steve Grobman further explained via ZDNet, 'Drovorub' is a Linux malware toolset that installs a 'kernel module rootkit' on a computer's system.

This implant provides automatic file transfer and port forwarding. In practice, it means that hackers can easily control and access a computer once the malware is inside the system.

"In addition to Drovorub's multiple capabilities, it is designed for stealth by utilizing advanced 'rootkit' technologies that make detection difficult," the McAfee exec added. "The element of stealth allows the operatives to implant the malware in many different types of targets, enabling an attack at any time."

The Russian GRU has not yet commented on the issue. However, the McAfee expert raised another concern: he warned that Drovorub could pose a threat of espionage or, worse, election interference in the country.

How to prevent getting hacked?

The FBI listed steps that Linux owners can take to avoid becoming victims of the Russian hackers.

The agency recommends updating any Linux systems that they have in the office or at home, specifically to kernel version 3.7 or later.


This article is owned by Tech Times

Written by Jamie Pancho

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.