SA44574 - 2020-08: Out-of-Cycle Advisory: FBI and NSA Expose New Linux Malware Drovorub

Problem
The United States National Security Agency and Federal Bureau of Investigation have released a Cybersecurity Advisory regarding the Drovorub malware. Drovorub is malware that targets Linux systems. Once active, it allows persistent remote access by an attacker. Drovorub is malware, not a new vulnerability.

The Drovorub malware is part of a malware campaign that requires multiple steps to function correctly. The malware alone does not provide immediate access to a system and requires an existing vulnerability or vulnerabilities to be exploited to gain root access before it can be used.
The NSA/FBI Security Advisory is available here:
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
Solution

The table below provides details of the following products:

Pulse Connect Secure: Not Applicable
Pulse Policy Secure: Not Applicable
PulseOne: Not Applicable
Pulse Secure vADC: Not Applicable

Drovorub is a Linux malware toolset. This is not a vulnerability. For further protection, Pulse Secure recommends the following steps:
  • Upgrade VPNs and network devices used to remote into work environments to the latest supported versions.
  • Use strong passwords or implement multi-factor authentication (MFA).
  • Increase your company’s remote access security tasks: log review, threat detection, and incident response & recovery.
  • Customers using vTM can enable "Restricting Access" and "SSH intrusion protection" on vTM devices.

Exploitation

Pulse Secure PSIRT is not aware of any malicious use of this malware against Pulse Secure products.

LEGAL DISCLAIMER

  • THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK.  PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
  • A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS.  THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
Document History:
August 19, 2020 - Initial advisory posted.
Workaround
Not Applicable
Implementation
Not Applicable
Alert Type: SA - Security Advisory