NSA, FBI expose Russian intelligence hacking tool: Report

The U.S. National Security Agency and Federal Bureau of Investigation have exposed a sophisticated Russian hacking tool, they said on Thursday in a rare public report offering new insight on Russia’s arsenal of digital weapons.

The NSA and FBI said that Russia’s Main Intelligence Directorate, known as the GRU, was using a hacking tool code named “Drovorub” to break into Linux-based computers. Linux is an operating system commonly used across computer server infrastructure.

“Linux systems are used pervasively throughout National Security Systems, the Department of Defense, and the Defense Industrial Base - as well as the larger cybersecurity community writ large,” Keppel Wood, chief operations officer in the NSA’s Cybersecurity Directorate, told Reuters. “The malware has the potential to have a widespread impact if network defenders don’t take action against it.”

The public call-out is unique, said a former Western intelligence official, because of the direct attribution offered by the U.S. agencies. The NSA and FBI connected Drovorub to a specific Russian intelligence team - the 85th Main Special Service Center (GTsSS), military unit 26165.

The GTsSS, the agencies said, is associated with the same hackers who broke into the Democratic National Committee in 2016.

“Drovorub is a ‘Swiss Army knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote-controlling the victim’s computer,” said Steve Grobman, chief technology officer for cybersecurity company McAfee.