Malware: Group Targeting Embassies Adds ‘Drovorub’ Campaign
Russian digital espionage group Fancy Bear has incorporated new Linux-based malware dubbed “Drovorub” into its attack campaigns, according to the National Security Agency (NSA) and the FBI.
In their joint advisory last year, the NSA and FBI explained that the Linux-based malware, dubbed “Drovorub” by researchers, consists of three different components: a kernel module rootkit, a file transfer and port forwarding kit, and a command-and-control (C&C) tool.
They found that these components made it possible for Fancy Bear, also known as “APT28” and “Strontium,” to download and upload files, execute arbitrary commands as root, and port-forward network traffic on other hosts.