The main intelligence department of Russia has once again been accused of cyber espionage. The US National Security Agency, together with the Federal Bureau of Investigation, announced new, hitherto unknown Russian malware. This was reported on the NSA website.
The 85th Main Special Service Center (GCC) of the Russian GRU General Staff, military unit 26165, sometimes identified by the private sector as Fancy Bear, Strontium or APT-28, deploys malware called Lumberjack, developed for the Linux operating system. More information on Lumberjack, including detection methods and mitigation measures, can be found in the NSA / FBI's Joint Cybersecurity Guidelines.
The malware was detected thanks to the joint work of the NSA and the FBI. It is a suite of Linux malware equipped with file transfer and port forwarding tools and command and control servers.
“When opened on the victim's machine, Lumberjack provides the ability to directly communicate with the infrastructure of servers controlled by the subject; the ability to download and upload files; execute arbitrary commands; forwarding the network traffic port to other hosts on the network, and implements hiding methods to avoid detection,” the special services note.
It also notes that “Woodcutter” poses a threat to both the public sector and private users if they use Linux. In addition, the message points to methods of fighting the Russian “Lumberjack”.
Recall that the leadership of the social network Twitter has strengthened security measures during the investigation into the circumstances of the hacker attack, as a result of which the accounts of many well-known companies and people were hacked.