Drovorub
Drovorub (Russian: дроворуб, "woodcutter") is a software toolkit for developing malware for the Linux operating system. It was created by the 85th Main Special Service Center, a unit of the Russian GRU often referred to as APT28.[1][2]
Drovorub has a sophisticated modular architecture,[3] containing an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server.[2] Drovorub has been described as a "Swiss-army knife for hacking Linux".[4]
The U.S. government report that first identified Drovorub recommends the use of UEFI Secure Boot and Linux's native kernel module signing facility to resist Drovorub attacks.[5]
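The two mitigations named above can be checked on a host, as in the following added example (not taken from the report or from this article). The function names and the `ROOT` prefix argument are assumptions of the example; the prefix lets the checks run against a mounted image or a constructed directory tree rather than the live system.

```shell
#!/bin/sh
# Added example: report Secure Boot and kernel module signing state.
# Each function takes an optional ROOT prefix (an assumption of this example).

# Secure Boot state from the standard EFI global variable:
# 4 attribute bytes followed by 1 data byte (1 = enabled, 0 = disabled).
secure_boot_state() {
    root=${1:-}
    var="$root/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    [ -d "$root/sys/firmware/efi" ] || { echo "no-uefi"; return; }
    [ -r "$var" ] || { echo "unknown"; return; }
    case "$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Module signature enforcement as exposed by the kernel (Y/N).
# The file is absent when the kernel was built without module signing.
module_sig_state() {
    root=${1:-}
    p="$root/sys/module/module/parameters/sig_enforce"
    [ -r "$p" ] || { echo "unknown"; return; }
    case "$(cat "$p")" in
        Y) echo "enforced" ;;
        N) echo "not-enforced" ;;
        *) echo "unknown" ;;
    esac
}

# Loaded modules carrying the E (unsigned module) taint flag in /proc/modules.
# A rootkit that is already loaded can hide from this list, so an empty
# result is a hygiene signal, not proof of a clean kernel.
unsigned_modules() {
    root=${1:-}
    [ -r "$root/proc/modules" ] || return 0
    awk '$NF ~ /^\(.*E.*\)$/ { print $1 }' "$root/proc/modules"
}

# Succeeds only when Secure Boot is enabled and module signing is enforced.
audit_host() {
    root=${1:-}
    sb=$(secure_boot_state "$root"); ms=$(module_sig_state "$root")
    echo "secure_boot=$sb module_sig=$ms"
    for m in $(unsigned_modules "$root"); do echo "unsigned_module=$m"; done
    [ "$sb" = enabled ] && [ "$ms" = enforced ]
}
```

Calling `audit_host` with no argument checks the running system; a non-zero exit status means at least one of the two mitigations is not in force.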
References
- "Drovorub Malware: Fact Sheet & FAQs" (PDF). nsa.gov. Archived (PDF) from the original on 2020-08-14. Retrieved 21 August 2020.
- "Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware" (PDF). media.defense.gov. August 2020. Archived (PDF) from the original on 2020-08-13. Retrieved 21 August 2020.
- Cimpanu, Catalin. "FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers". ZDNet. Retrieved 2020-08-21.
- Jerzewski, Matthew (2020-08-20). "Drovorub Malware - 'Taking systems to the wood chipper'". The State of Security. Archived from the original on 2020-08-22. Retrieved 2020-08-21.
- "NSA and FBI expose Russian 'Drovorub' malware used to target Linux systems". www.computing.co.uk. 2020-08-14. Retrieved 2020-08-21.