Schneider Electric Warns Customers of Drovorub Linux Malware

One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI.


The U.S. agencies issued a joint advisory in mid-August to warn organizations that the cyber-espionage group known as APT28, which has been linked to Russia’s General Staff Main Intelligence Directorate (GRU), has been using a piece of Linux malware named Drovorub.


Drovorub includes an implant, a kernel module rootkit, file transfer and port forwarding tools, and a C&C server. Once it has been deployed on a device, the malware allows its operators to download and upload files, execute commands with root privileges, and conduct port forwarding. It also has mechanisms for persistence and evading detection.


Drovorub impacts systems with Linux kernel versions 3.7 or lower (due to the lack of adequate kernel signing enforcement), and it cannot achieve persistence on systems where the UEFI secure boot is enabled in Full or Thorough mode.
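The two conditions in the paragraph above (kernel version 3.7 or lower, UEFI Secure Boot state) are checkable from a shell on a general-purpose Linux host. The script below is an added example written for this page; it is not Schneider Electric's guidance and not code from the NSA/FBI advisory. It assumes a Linux system with `uname` and the `efivars` pseudo-filesystem, and reads the firmware Secure Boot flag only; it cannot tell whether the firmware is in the Full or Thorough mode the article refers to, so a reported "enabled" still needs confirming in firmware setup.

```shell
#!/bin/sh
# Added example (not from the article, Schneider Electric or the advisory):
# classify a kernel release string against the "3.7 or lower" range the
# advisory describes as affected, and report the UEFI Secure Boot state.

# kernel_at_risk RELEASE -> prints "yes" if RELEASE is 3.7 or lower, else "no",
# or "unknown" if the string does not start with a numeric major version.
kernel_at_risk() {
    ver=${1%%-*}                      # drop "-generic", "-1127.el7" style suffixes
    major=${ver%%.*}
    case "$ver" in
        *.*) rest=${ver#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;                # bare "3" is treated as 3.0
    esac
    # keep digits only, so "3rc1" or similar odd strings do not break the test
    major=$(printf '%s' "$major" | tr -cd '0-9')
    minor=$(printf '%s' "$minor" | tr -cd '0-9')
    if [ -z "$major" ]; then
        echo unknown
        return 0
    fi
    [ -z "$minor" ] && minor=0
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -le 7 ]; }; then
        echo yes
    else
        echo no
    fi
}

# secure_boot_state -> "enabled", "disabled", or "unknown ..." when the UEFI
# variable is not exposed (legacy BIOS boot, or sysfs not mounted).
secure_boot_state() {
    # Well-known EFI global variable GUID for SecureBoot.
    var=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
    if [ ! -r "$var" ]; then
        echo "unknown (no readable EFI variable store)"
        return 0
    fi
    # efivars files carry a 4-byte attribute header; the data byte follows it.
    byte=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' ')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo "unknown (unexpected value '$byte')" ;;
    esac
}

# Report for the host this script runs on.
release=$(uname -r)
printf 'kernel release      : %s\n' "$release"
printf 'in affected range   : %s\n' "$(kernel_at_risk "$release")"
printf 'UEFI Secure Boot    : %s\n' "$(secure_boot_state)"
```

A "yes" for the kernel range means the host lacks the module signing enforcement the article cites; a "disabled" or "unknown" Secure Boot result means the rootkit's persistence mechanism would not be blocked by firmware. Neither result indicates that the malware is present; that is a separate question for detection tooling.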


Schneider Electric has advised customers to implement defense-in-depth recommendations in order to protect their Trio Q Data Radio and Trio J Data Radio devices against the malware.


These products are Ethernet and serial data radios designed to provide long-range wireless data communications for SCADA and remote telemetry applications.


According to Schneider, installing the malware on these devices “could result in an attacker gaining direct communications capability with actor-controlled command and control infrastructure, file download and upload capabilities, execution of arbitrary commands, port forwarding of network traffic to o ..