Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 References

Drovorub

●Norsk bokmål Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Drovorub (Russian: дроворуб, "woodcutter") is a software toolkit for developing malware for the Linux operating system. It was created by the 85th Main Special Service Center, a unit of the Russian GRU often referred to as APT28.^[1]^[2]

Drovorub has a sophisticated modular architecture,^[3] containing an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control server.^[2] Drovorub has been described as a "Swiss-army knife for hacking Linux".^[4]

The U.S. government report that first identified Drovorub recommends the use of UEFI Secure Boot and Linux's native kernel module signing facility to resist Drovorub attacks.^[5]

References[edit]

^ "Drovourm Malware: Fact Sheet & FAQs" (PDF). nsa.gov. Archived (PDF) from the original on 2020-08-14. Retrieved 21 August 2020.

^ ^a ^b "Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware" (PDF). media.defense.gov. August 2020. Archived (PDF) from the original on 2020-08-13. Retrieved 21 August 2020.

^ Cimpanu, Catalin. "FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers". ZDNet. Retrieved 2020-08-21.

^ Jerzewski, Matthew (2020-08-20). "Drovorub Malware - "Taking systems to the wood chipper"". The State of Security. Archived from the original on 2020-08-22. Retrieved 2020-08-21.

^ "NSA and FBI expose Russian 'Drovorub' malware used to target Linux systems". www.computing.co.uk. 2020-08-14. Retrieved 2020-08-21.

Hacking in the 2020s

← 2010s

Timeline

2030s →

Major incidents

2020	BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach
2021	Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack
2022	Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak
2023	Munster Technological University ransomware attack Evide data breach MOVEit data breach Insomniac Games data breach Polish railway cyberattack British Library cyberattack
2024	XZ Utils backdoor Kadokawa and Niconico