New Linux Malware Threatens Security Nationwide

Posted Aug 21, 2020. Reviewed Jan 16, 2024.

A new form of malware from Russian hackers has affected Linux users throughout the United States. This is not the first cyberattack from a nation-state, but this malware is more dangerous because it generally goes undetected. Linux runs not only on individual devices but on supercomputers and on Internet of Things devices in both homes and offices. Though many Linux users believe Windows is more of a target for these hacking groups, their operating system is just as much at risk.

How the Malware Works

The overall goal of this malware is to infiltrate sensitive systems, steal confidential data, and obtain total control over the device and its operating system. The malware is called “Drovorub,” which in Russian breaks down to “wood” and “cutter,” though some security researchers note that “drova” is slang for drivers. Under that reading the name means “driver cutter,” in the sense that it cuts kernel drivers in a computer system.

The attack begins when the malware on an infected device connects to its command and control infrastructure. Fancy Bear, also known as APT28, a hacking group that works for a Russian intelligence agency, eventually gains full control over the infiltrated system. The attack involves several components:

  • A client that infects the device
  • A kernel module that uses rootkit techniques to hide the malware’s presence from security defenses
  • A server operated by the hackers to control the infected machines and collect data
  • An agent that acts as an intermediary between infected machines and compromised servers to maintain control

The rootkit portion of the malware is the most dangerous, as it is what keeps the malware undetected by any antivirus program on the system. Together, these tools create a backdoor for file uploads and downloads, let the hackers execute their own commands on the affected system, and forward network traffic to other hosts on the infected network.

Recurring Risks Require Substantial Security

This is not the first time this particular group has struck: earlier this month it was reported that they had hacked printers, video decoders and other IoT devices in order to gain access to the computer systems those devices were connected to.

The most common advice from the FBI and other cybersecurity experts is to keep your Linux operating system up to date. Running a Linux kernel of version 3.7 or later helps patch vulnerabilities a hacking group could exploit. In addition, organizations that run Linux at any scale are advised to run network intrusion detection systems and to use security products, live response tools, and disk image analysis. McAfee specifically stated that users should scan their systems for rootkits and use Linux Kernel Lockdown to isolate the problem.
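As an added example (not code from the article or from any advisory it cites), the POSIX shell script below audits the kernel-side mitigations just listed on a Linux host: it checks that the running kernel is 3.7 or later (the release in which signed-module support arrived), that Linux Kernel Lockdown is active, and that unsigned kernel modules are rejected. The sysfs paths are the standard kernel ones; the function names and the `--run` flag are this example's own.

```shell
#!/bin/sh
# Added example: audit the kernel-side controls recommended against
# Drovorub-style rootkits. Functions take their inputs as arguments so
# they can be exercised on constructed values; check_host reads the
# live system.

# kernel_at_least VERSION MAJOR MINOR -> exit 0 if VERSION >= MAJOR.MINOR
kernel_at_least() {
    ver=${1%%-*}                 # drop "-42-generic" style suffixes
    maj=${ver%%.*}
    rest=${ver#*.}
    min=${rest%%.*}
    if [ "$maj" -gt "$2" ]; then return 0; fi
    if [ "$maj" -eq "$2" ] && [ "$min" -ge "$3" ]; then return 0; fi
    return 1
}

# lockdown_mode LINE -> prints the bracketed mode from a line such as
# "none [integrity] confidentiality" (format of /sys/kernel/security/lockdown)
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# audit VERSION LOCKDOWN_LINE SIG_ENFORCE -> one line per check; returns the
# number of weak settings found (0 means all three controls are in place)
audit() {
    bad=0
    if kernel_at_least "$1" 3 7; then
        echo "OK   kernel $1 supports signed-module enforcement"
    else
        echo "WEAK kernel $1 is older than 3.7; update it"; bad=$((bad + 1))
    fi
    mode=$(lockdown_mode "$2")
    if [ "$mode" = integrity ] || [ "$mode" = confidentiality ]; then
        echo "OK   kernel lockdown mode is $mode"
    else
        echo "WEAK kernel lockdown is off (mode: ${mode:-unknown})"; bad=$((bad + 1))
    fi
    if [ "$3" = Y ]; then
        echo "OK   unsigned kernel modules are rejected (sig_enforce=Y)"
    else
        echo "WEAK unsigned kernel modules can be loaded (sig_enforce=$3)"; bad=$((bad + 1))
    fi
    return $bad
}

# Live check: a missing sysfs file reads as "off" so it is reported as WEAK.
check_host() {
    ld=""; [ -r /sys/kernel/security/lockdown ] && ld=$(cat /sys/kernel/security/lockdown)
    se=N;  [ -r /sys/module/module/parameters/sig_enforce ] && se=$(cat /sys/module/module/parameters/sig_enforce)
    audit "$(uname -r)" "$ld" "$se"
}

if [ "${1:-}" = --run ]; then check_host; fi
```

Run it with `sh audit.sh --run`; the exit status is the number of weak settings, so it can be used directly in a fleet-wide compliance check.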

Linux systems are becoming more of a target as they are generally under the radar and left unprotected by individuals and corporate offices. If you are the victim of a cyberattack, call our SecureForensics team. The investigators have years of experience finding the source of a cyberattack, ending it, and finding out what data was compromised.

Malware attacks happen more often than ever before, and a secure backup system is also necessary to save your important files, even if the main system becomes compromised. Our hardware encrypted SecureDrives keep out unauthorized parties with secure authentication methods and built-in antivirus.


Laura Bednar

© 2024 SecureData Corporation or its affiliates. All rights reserved.