The U.S. National Security Agency (NSA) and FBI released an advisory on cybersecurity on August 13 warning about previously undisclosed Russian malware.
The malware is a set of hacking tools named “Drovorub,” the agencies said in a news release.
It said a unit within Russia’s GRU military intelligence agency -- the 85th Main Special Service Center (GTsSS), military unit 26165 -- was deploying the malware as part of its cyberespionage operations.
The GTsSS, the agencies said, is associated with the hackers who broke into the Democratic National Committee in the months leading up the 2016 presidential election.
That group, known as APT28 or “Fancy Bear,” and other Russian hacking groups have been blamed in recent years by multiple Western governments, think tanks, and corporations for carrying out numerous cyberattacks.
The cybersecurity advisory published on August 13 is the latest statement from the U.S. government aimed at publicizing Russian hacking operations ahead of the 2020 U.S. presidential election.
The 45-page advisory is an “extensive, technical analysis on specific threats,” NSA Cybersecurity Director Anne Neuberger said in the news release.
"By deconstructing this capability and providing attribution, analysis, and mitigations, we hope to empower our customers, partners, and allies to take action,” Neuberger said.
The Drovorub hacking tool is designed to break into computers based on the Linux operating system, which is commonly used to run web-based computer servers.
Among the actions that Drovorub enables are file download and upload capabilities, the execution of arbitrary commands, and techniques to evade detection.
The advisory provides guidance to systems administrators and network security specialists so they can defend against the malware. It includes detection strategies, mitigation techniques, configuration recommendations, and other tips to reduce the risk of compromise.