Drovorub is a Linux malware developed for use by the GTsSS.
It persists through reboot of an infected machine unless UEFI secure boot is enabled in Full or Thorough mode.
Communication between the components is conducted via JSON over WebSockets.
The malware implements a sophisticated evasion method: it uses advanced rootkit capabilities to remain under the radar.
Our deep partnership with FBI is reflected in our releasing this comprehensive guidance together.
This joint advisory with our partners at NSA is an outstanding example of just that kind of sharing.
We remain committed to sharing information that helps businesses and the public protect themselves from malicious cyber actors.
The United States is a target-rich environment for potential cyber-attacks.
More information is available on NSA's fact sheet.
source: www.techworm.net