
posted by Fnord666 on Friday August 14 2020, @12:10PM
from the still-safer-than-windows dept.

NSA, FBI Warn of Linux Malware Used in Espionage Attacks:

A never-before-seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.

The U.S. government is warning of new malware, dubbed Drovorub, that targets Linux systems. It also claims the malware was developed for a Russian military unit in order to carry out cyber-espionage operations.

The malware, Drovorub, comes with a multitude of espionage capabilities, including stealing files and remotely controlling victims' computers. The malware is sophisticated and is designed for stealth, leveraging advanced "rootkit" technologies that make detection difficult. According to a Thursday advisory by the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), the malware especially represents a threat to national security systems such as the Department of Defense and Defense Industrial Base customers that use Linux systems.

"Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server," according to a 45-page deep-dive analysis of the malware published Thursday [PDF] by the FBI and NSA. "When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network."

Despite the in-depth report, the FBI and NSA did not detail how the initial attack vector for the malware occurs. The report also does not specify how long the malware has been in action, or how many companies may have been targeted – and whether any attacks have been successful. Authorities didn't specify how the malware initially infects victims either. It did say the threat actor behind the malware uses a "wide variety of proprietary and publicly known techniques to target networks and to persist their malware on commercial devices."

  • (Score: 4, Touché) by stormreaver on Friday August 14 2020, @01:28PM (5 children)

    by stormreaver (5101) on Friday August 14 2020, @01:28PM (#1036520)

    ...the FBI and NSA did not detail how the initial attack vector for the malware occurs.

    It probably requires the user to download the program, change the permissions to allow execution, then manually run it as root so it can install the kernel module.

  • (Score: 5, Insightful) by DECbot on Friday August 14 2020, @01:54PM (3 children)

    by DECbot (832) on Friday August 14 2020, @01:54PM (#1036525) Journal

    Oh, so you mean "sudo apt install systemd?"

    --
    cats~$ sudo chown -R us /home/base
    • (Score: 0) by Anonymous Coward on Friday August 14 2020, @02:05PM

      by Anonymous Coward on Friday August 14 2020, @02:05PM (#1036527)
      Nah, systemd is open source, even if only Lennart and his Red Hat minions can untangle the ball of string.

      If you want to pollute your system with non-free: sudo apt install nvidia-driver

      (Although Torvalds is a fan of neither)

    • (Score: 5, Funny) by DannyB on Friday August 14 2020, @02:11PM (1 child)

      by DannyB (5839) on Friday August 14 2020, @02:11PM (#1036529) Journal

      Oh, so you mean "sudo apt install systemd?"

      Why should I have to install systemd?

      I want my malware pre-installed thank you.

      Just like Microsoft users have come to expect.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 2) by DECbot on Friday August 14 2020, @02:29PM

        by DECbot (832) on Friday August 14 2020, @02:29PM (#1036537) Journal

        I guess you can nuke and pave when your distro has a new release. There are people out there who will treat their distro as a rolling release regardless of how their distro structures its releases. Like this guy who just pointed his apt.conf file from Debian Wheezy repositories to Devuan Jessie repositories when the Wheezy updates stopped coming.

        --
        cats~$ sudo chown -R us /home/base
  • (Score: 4, Informative) by JoeMerchant on Friday August 14 2020, @02:35PM

    by JoeMerchant (3937) on Friday August 14 2020, @02:35PM (#1036541)

    While I appreciate the sentiment, I know more than a few people who are capable of packaging a kernel module into an update that gets pushed as part of "routine security updates." Not to my systems, at least not automatically, but there are plenty of people who accept automatic updates, then all that remains is to plant the malware in the distribution, or any other package that a user is likely to authorize for installation.

    If you're targeting drone manufacturers, for instance, you might put up a PPA that looks like a popular package for Kalman filtering navigational computations, perhaps even a copy of the most popular site delivering the desired library plus a little extra, but SEO'ed to come up first in common search engines.

    --
    🌻🌻