Russian cyberespionage has been at the forefront of the public discourse since the Mueller investigation confirmed Moscow interfered in the 2016 presidential election. Now, in a rare bit of public disclosure, the National Security Agency and FBI have released a joint report on an advanced hacking tool employed by Russia, known as “Drovorub.”

The report released Thursday said Drovorub is employed by the Russian Main Intelligence Directorate to infiltrate computer systems running Linux, which commonly is employed in the U.S. in computer servers.

“Linux systems are used pervasively throughout National Security Systems, the Department of Defense and the Defense Industrial Base -- as well as the larger cybersecurity community writ large,” Keppel Wood, chief operations officer in the NSA’s Cybersecurity Directorate, said. “The malware has the potential to have a widespread impact if network defenders don’t take action against it. … NSA is sharing this information to counter the capabilities of the GRU GTsSS, which continues to threaten the United States and its allies.”

In the report, the agencies attributed Drovorub and its use to the 85th Main Special Service Center (GTsSS), unit 26165. This specific team of government hackers is believed to be the same unit that was able to hack into the Democratic National Committee in 2016 although the report did not specify any other organizations that might have been attacked with Drovorub.

“Drovorub is a ‘Swiss Army knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote-controlling the victim’s computer,” Steve Grobman, chief technology officer for McAfee, told Reuters. 

“For the FBI, one of our priorities in cyberspace is not only to impose risk and consequences on cyberadversaries but also to empower our private sector, governmental and international partners through the timely, proactive sharing of information,” the FBI said in a tweet. “This joint advisory with our partners at NSA is an outstanding example of just that type of sharing.”

US officials say they arrested the mastermind of a Russian cyber "storefront" which sold stolen data to hackers and criminals US officials say they arrested the mastermind of a Russian cyber "storefront" which sold stolen data to hackers and criminals Photo: AFP / Philippe HUGUEN