More Cyberwarfare from Russia

Yesterday, in response to accusations from both the NSA and the FBI about a program called Drovorub (woodchopper), Komsomol’skaya pravda flatly denied that Russia, in the form of its military intelligence directorate, is in any way responsible for yet more hacking in the USA.

The unknown spy program Drovorub has caused a great stir in the USA

The US National Security Agency has declared it the brainchild of “Russian hackers”
  What the article is referring to is the following announcement from the NSA and FBI:

NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory

Release No: PA-001-20 Aug. 13, 2020

   In their advisory, the US authorities specifically mention “the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector as Fancy Bear, Strontium, or APT 28, is deploying malware called Drovorub, designed for Linux systems as part of its cyber espionage operations.”
   The advisory goes on to detail the threat: “Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control (C2) server. When deployed on a victim machine, Drovorub provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands; port forwarding of network traffic to other hosts on the network; and implements hiding techniques to evade detection.”
   Curiously, while denying that Russia has done anything of the kind, the commentary in Komsomol’skaya pravda asks why the Americans have not specified exactly what damage was done to state and private institutions in the United States. It rather sounds like a request to find out how successful they have been!