Russian GRU 85th GTsSS Deploys Undisclosed Malware
NJCCIC Advisory
Original Release Date: 8/14/2020
Summary
The Federal Bureau of Investigation (FBI) and National Security Agency (NSA) released a joint cybersecurity advisory for previously undisclosed Russian malware. The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems as part of its cyber espionage operations.
This cybersecurity advisory provides background on Drovorub, attribution of its use to the GTsSS, detailed technical information on the Drovorub malware, guidance on how to detect it on infected systems, and mitigation recommendations. Information in this cybersecurity advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior.
Reporting
We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form by clicking here.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.