NSA, FBI expose Russian intelligence hacking tool
The US National Security Agency and Federal Bureau of Investigation have exposed a sophisticated Russian hacking tool, they said on Thursday in a rare public report offering new insight on Russia's arsenal of digital weapons.
The NSA and FBI said that Russia's Main Intelligence Directorate, known as the GRU, was using a hacking tool code named "Drovorub" to break into Linux-based computers. Linux is an operating system commonly used across computer server infrastructure.
"Linux systems are used pervasively throughout National Security Systems, the Department of Defense, and the Defense Industrial Base - as well as the larger cybersecurity community writ large," Keppel Wood, chief operations officer in the NSA's Cybersecurity Directorate, told Reuters.
"The malware has the potential to have a widespread impact if network defenders don’t take action against it."
The public call-out is unique, said a former Western intelligence official, because of the direct attribution offered by the US agencies. The NSA and FBI connected Drovorub to a specific Russian intelligence team - the 85th Main Special Service Center (GTsSS), military unit 26165.
The GTsSS, the agencies said, is associated with the same hackers who broke into the Democratic National Committee in 2016.
“Drovorub is a ‘Swiss Army knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote-controlling the victim’s computer," said Steve Grobman, chief technology officer for cybersecurity company McAfee.
Thursday's highly technical, 45-page NSA/FBI report is the latest in a series of public call-outs by the US government aimed at Russian hacking operations ahead of the 2020 US presidential election. The agencies did not say what types of organisations had been compromised by Drovorub.
"NSA is sharing this information to counter the capabilities of the GRU GTsSS, which continues to threaten the United States and its allies," said the NSA's Wood.
The FBI did not immediately respond to a request for comment.