In a press release issued Thursday, Aug. 13, the National Security Agency (NSA) and the FBI exposed a hacking tool attributed to Russian military intelligence that poses a threat to information on U.S. government and national security networks.
In the accompanying advisory, the agencies attribute the malware, named Drovorub, to the Russian General Staff's Main Intelligence Directorate (commonly known as the GRU), specifically to the GRU 85th Main Special Service Center (GTsSS), military unit 26165, and warn that it is built to compromise Linux systems as part of the GRU's cyberespionage operations.
The malware could give Russian intelligence hidden access to and control over a large number of servers and networks, which, according to the NSA and the FBI, “poses a threat to national security systems, the Department of Defense, and Defense Industrial Base customers” who use Linux.
Special Counsel Robert Mueller's report named GRU Unit 26165, the same unit the NSA and FBI tie to Drovorub, as one of two Russian military intelligence units behind Russia's interference in the 2016 presidential election, including the hacking of the Democratic National Committee's email systems.
Mueller did not establish any criminal conspiracy between any Russian and anyone within President Trump’s orbit.
A press statement released by the FBI and NSA on Thursday said, "We're sharing this information with our customers and the public to counter the capabilities of the GRU GTsSS, an organization which continues to threaten the United States and its allies." The statement explains why the agencies are publishing the advisory and points to its guidance on detecting the malware and responding to an infection.
Matt Gorham, assistant director of the FBI's Cyber Division, said the bureau's priorities in cyberspace are not only to detect and disrupt cyberadversaries but also to empower the private sector, government, and international partners by sharing timely information that helps them defend against malicious cyber activity.
The NSA and the FBI also released a 45-page cybersecurity advisory that describes Drovorub's components and operation in technical detail, supplies signatures and guidance for detecting it on Linux hosts, and recommends mitigations for U.S. companies and agencies, chief among them running a Linux kernel of version 3.7 or later with kernel-module signing enforced and enabling UEFI Secure Boot, which together prevent the toolset's unsigned kernel module from loading.
Last month, according to the Washington Examiner, the United States, United Kingdom, and Canada jointly accused the Russian intelligence-linked hacking group APT29, also known as "the Dukes" or "Cozy Bear," of targeting organizations developing a CCP Virus vaccine in all three countries in an effort to steal their research.
“Throughout 2020, APT29 has targeted various organizations involved in COVID-19 [CCP Virus] vaccine development in Canada, the United States, and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines,” the 16-page joint alert by the U.S., U.K., and Canada concluded.