YIKES: Fancy Bear Linux Rootkit

By August 14, 2020Cyber Security

Heads-Up! The CyberWire staff wrote: “The US National Security Agency and Federal Bureau of Investigation yesterday issued a joint alert concerning a new malware toolset operated by Russia’s military intelligence service, GRU. The advisory describes Drovorub, malware deployed by APT28, which of course is Fancy Bear. Drovorub is a multifunctional “Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server.” So far it seems that Fancy Bear is Drovorub’s only user. Both NSA and the Bureau offer advice on how to detect the malware and protect against it. The warning is being taken seriously: as the Register puts it, four words you don’t want to see together are “Fancy Bear Linux rootkit.”

Kaspersky researchers have published an update on the activities of “CactusPete” (also known as Karma Panda), a Chinese APT that’s using a new form of the Bisonal backdoor against defense and banking targets in Eastern Europe. Capability of handling Cyrillic script suggests that its activities extend east through Ukraine, Belarus, and Russia. It’s a cyberespionage campaign, but it may also represent reconnaissance and battlespace preparation for more damaging attacks. Karma Panda has earlier been active against Japan, South Korea, and the United States.”

Refer Here for Original Post and Source https://blog.knowbe4.com/yikes-fancy-bear-linux-rootkit

Robert Crossland

Author Robert Crossland

More posts by Robert Crossland