Drovorub: the Malware that Attacks Linux

Andrea Biraghi latest news
Source:
Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware — FBI — NSA

What is Drovorub?

Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure (T1071.001); file download and upload capabilities (T1041); execution of arbitrary commands as “root” (T1059.004); and port forwarding of network traffic to other hosts on the network (T1090). The kernel module rootkit uses a variety of means to hide itself and the implant on infected devices (T1014), and persists through reboot of an infected machine unless UEFI secure boot is enabled in “Full” or “Thorough” mode. Despite this concealment, effective detection techniques and mitigation strategies are described below.

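As an added example (not code from the article or the FBI/NSA advisory), the check below reads the two host-side conditions that bear on the rootkit's reboot persistence quoted above: the UEFI Secure Boot state from efivarfs and kernel module signature enforcement from sysfs. The “Full”/“Thorough” modes the advisory names are firmware-vendor settings that the SecureBoot variable does not expose, so this reports only whether Secure Boot is on at all; the efivar and sysfs paths are the standard Linux ones, and the sample byte strings in the comments are constructed.

```python
"""Baseline check of the Drovorub persistence mitigation: is UEFI Secure Boot on,
and does the kernel refuse unsigned modules? Added example, not from the advisory."""
import struct
from pathlib import Path
from typing import Dict, Optional, Tuple

# efivarfs exposes each variable as 4 bytes of attributes (little-endian uint32)
# followed by the variable data; for SecureBoot the data is a single byte, 0 or 1.
# A constructed enabled record therefore looks like b"\x06\x00\x00\x00\x01".
EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
SIG_ENFORCE = Path("/sys/module/module/parameters/sig_enforce")


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs record into (attributes, data); reject truncated headers."""
    if len(raw) < 4:
        raise ValueError("efivar record shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_enabled(raw: bytes) -> bool:
    """True when the SecureBoot variable's single data byte is 1."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"SecureBoot data should be 1 byte, got {len(data)}")
    return data[0] == 1


def module_sig_enforced(text: str) -> bool:
    """sysfs reports 'Y' when the kernel refuses to load unsigned modules."""
    return text.strip() == "Y"


def assess(secureboot_raw: Optional[bytes], sig_enforce_text: Optional[str]) -> Dict[str, bool]:
    """Combine both signals; None means the source file was absent (e.g. legacy BIOS boot)."""
    return {
        "uefi": secureboot_raw is not None,
        "secure_boot": secureboot_raw is not None and secure_boot_enabled(secureboot_raw),
        "module_sig_enforce": sig_enforce_text is not None and module_sig_enforced(sig_enforce_text),
    }


def read_host() -> Dict[str, bool]:
    """Read the live values from this host (Linux with efivarfs mounted)."""
    var = EFIVARS / f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}"
    sb = var.read_bytes() if var.exists() else None
    se = SIG_ENFORCE.read_text() if SIG_ENFORCE.exists() else None
    return assess(sb, se)


if __name__ == "__main__":
    print(read_host())
```

A result with `secure_boot` False and `module_sig_enforce` False means neither control would stop an unsigned rootkit module from being loaded again at boot.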
Andrea Biraghi latest news and cybersecurity press review, 24 August 2020
