Drovorub (Russian: дроворуб, "woodcutter") is a software toolkit for developing malware for the Linux operating system. It was created by the 85th Main Special Service Center, a unit of the Russian GRU often referred to as APT28.[1][2]
Drovorub has a sophisticated modular architecture,[3] containing an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server.[2] Drovorub has been described as a "Swiss-army knife for hacking Linux".[4]
The U.S. government report that first identified Drovorub recommends the use of UEFI Secure Boot and Linux's native kernel module signing facility to resist Drovorub attacks.[5]
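The following check is an added example, not code from the cited report: it reports whether the two recommended controls, Secure Boot and enforced kernel module signing, are actually in effect on a host. The function names are invented for this example, and the caller is assumed to pass the kernel build config (commonly `/boot/config-$(uname -r)`).

```shell
#!/bin/sh
# Added example (hypothetical helper names). Inputs are file paths so the
# functions can be run against the live host or against collected copies.

# module_sig_status CONFIG_FILE [SIG_ENFORCE_FILE]
# Prints: enforced | signed-not-enforced | unsigned
module_sig_status() {
    config=$1
    sig_enforce=${2:-/sys/module/module/parameters/sig_enforce}

    # Runtime switch (e.g. module.sig_enforce=1 on the kernel command line)
    # applies even when the build-time config does not force signatures.
    if [ -r "$sig_enforce" ] && [ "$(cat "$sig_enforce")" = "Y" ]; then
        echo enforced; return 0
    fi
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$config" 2>/dev/null; then
        echo enforced; return 0
    fi
    # Signing compiled in but not enforced: unsigned modules still load
    # and only taint the kernel, so a rootkit module is not blocked.
    if grep -q '^CONFIG_MODULE_SIG=y' "$config" 2>/dev/null; then
        echo signed-not-enforced; return 1
    fi
    echo unsigned; return 1
}

# secure_boot_state [EFIVAR_FILE]
# Prints: enabled | disabled | unknown (no EFI variable, e.g. legacy BIOS)
secure_boot_state() {
    var=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    [ -r "$var" ] || { echo unknown; return 2; }
    # efivarfs layout: 4 attribute bytes, then the 1-byte value (1 = on).
    case "$(od -An -tu1 "$var" | awk '{v=$NF} END{print v}')" in
        1) echo enabled ;;
        *) echo disabled; return 1 ;;
    esac
}
```

A host is only in the recommended state when `secure_boot_state` prints `enabled` and `module_sig_status` prints `enforced`.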