US intelligence agencies have accused the Russian GRU of creating the Drovorub spyware, which allegedly poses a threat to the telecommunications systems of the US security services and the Pentagon. The information was posted on the website of the National Security Agency (NSA).

According to the statement, responsibility for creating the program allegedly lies with the hacker group Fancy Bear, which in the United States is considered a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, better known by its former name, the Main Intelligence Directorate (GRU).

“The military unit of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) No. 26165 (85th main center of the special service), whose activities are sometimes attributed by experts from the private sector (to hacker groups. - RT) Fancy Bear, Strontium and APT 28, is using a malicious program called Drovorub, which targets Linux-based systems as part of its cyber espionage operations,” the report said.

According to the NSA and the FBI, “by infiltrating the victim’s device, Drovorub makes it possible to establish direct communication with the control system controlled by a (malicious) subject, receive and transmit files, execute arbitrary commands, redirect network traffic to other network nodes, and also uses disguise for avoiding detection.”

The text of the document emphasizes that this software poses a threat to the US military.

"Drovorub poses a threat to national security systems, the Department of Defense and clients of the US military industrial base," the NSA said.

In connection with the detection of this "threat", the employees of these units responsible for cybersecurity will be provided with instructions on how to mitigate the risks from the Drovorub program, the National Security Agency said in a statement. 

Russian trace in cyberspace

Experts point out that the so-called Russian hackers and the GRU are regularly targeted by Western intelligence services and the media.

The most prominent accusation against Russian army intelligence was the story of "interference" in the 2016 American elections.

In the summer of 2018, Special Prosecutor Robert Mueller, who led the investigation into the alleged influence of the Russian Federation on the American electoral process, indicted 12 Russian citizens. The US authorities consider them to be officers of the main directorate of the General Staff of the Russian Armed Forces.

This list included officers of the same military unit 26165, which is mentioned by the NSA in connection with the creation of the Drovorub program. American investigators believed that these people were allegedly responsible for the cyberattack on the servers of the Democratic Party and the mail of members of the campaign headquarters of the US presidential candidate Hillary Clinton.

Recall that the hacking of the servers of the Democratic National Committee (DNC) led to a large-scale leak of e-mails between DNC members. From these letters it became clear that there was a conspiracy in the party leadership against Hillary Clinton's rival in the primaries, Senator Bernie Sanders. There is a widespread view in the United States that the publication of this material, which discredited the Democratic Party, helped Donald Trump win the election.

Another high-profile accusation against the Russian "cyber troops" concerns hacker attacks on the World Anti-Doping Agency (WADA) and the Organization for the Prohibition of Chemical Weapons (OPCW). In October 2018, American authorities filed charges in absentia against seven alleged Russian military intelligence officers for these alleged offenses. According to them, the purpose of the attacks was to discredit WADA and the OPCW.

In July 2020, the cyber security services of the United States, Great Britain and Canada again made accusations against Russia. This time, "Russian hackers" allegedly tried to steal "information and intellectual property related to the development and testing of vaccines against COVID-19."

In all these cases, Russia has consistently denied allegations of any malicious cyberspace activity. As for the story with the attempt to "steal" the development of a vaccine against coronavirus infection, Moscow drew attention to the senselessness of such accusations, since the Russian Federation will produce the English vaccine AstraZeneca on a legal basis. This was stated by the head of the Russian Direct Investment Fund (RDIF) Kirill Dmitriev on the air of Times Radio.

“Everything has already been transferred to R-Pharm, which will produce the Oxford vaccine AstraZeneca in Russia. This is a commercial agreement between AstraZeneca and R-Pharm,” said Dmitriev.

At the same time, on August 11, 2020, Russia was the first in the world to register its own vaccine against COVID-19, which was developed by the National Research Center for Epidemiology and Microbiology named after Honorary Academician N.F. Gamalei.

It is worth noting that, constantly accusing Russia of cybercrimes, the American special services themselves carry out hacker attacks on Russian objects, and US officials even make it a matter of pride.

In 2019, an article in The New York Times drew widespread attention; citing sources, it said that the United States was trying to collect information about the Russian power system and inject malicious software into it. Trump denied this at the time, but experts believe it may be true.

But in 2020, the American president admitted that, on his order, the American special services carried out several attacks on the so-called Internet Research Agency, an allegedly existing Russian structure that deals with information operations on the Internet.

At the same time, the NSA itself, which reported on Drovorub, was at the center of a global scandal in 2013 after its former employee Edward Snowden gave the media information on the organization's collection of data on all calls made by users of such large US communication companies as Verizon, Sprint Nextel and AT&T, as well as on the NSA's access to the servers of Microsoft, Yahoo, Google, Facebook, YouTube, Skype and Apple.

For its part, Moscow has repeatedly proposed that Washington establish cooperation in the field of cybersecurity in order to increase the level of confidence in this area, but the Americans ignore all the proposals of the Russian side. Russian Ambassador to the United States Anatoly Antonov spoke about this in December 2019.

“We have long offered the American side to establish a direct dialogue on cybersecurity issues, agree on a joint response to specialized threats. However, Washington is diligently ignoring this idea, preferring to label Russia as a ‘cybercriminal’,” the diplomat noted.

"They scared themselves more than anyone else"

According to the historian of the special services, retired FSB major general Valery Malevaniy, the NSA's statement about the Drovorub program does not inspire any confidence.

“This duck is designed for the layman. Such small stuffing happens, as a rule, against the backdrop of election campaigns, and in the United States now, just everyone is living with the upcoming presidential elections. The struggle of political parties unfolding in America today is the main reason for such manifestations of an information war against Russia,” the expert said in an interview with RT.

HSE professor Dmitry Evstafiev adheres to a similar point of view. He believes that accusations of "Russian hackers" in all kinds of attacks on American democracy have long become part of US domestic policy.

“Today, the obsession with the 'Russian track' is beginning to manifest itself at the institutional level. This hysteria reflects the deepest uncertainty about the ability of the American political system to withstand the pressures of the forthcoming election campaign. Today, a situation arises in which these elections can be recognized as illegitimate,” the analyst said in an interview with RT.

At the same time, Evstafiev emphasizes that the political crisis in America is in no way connected with any activity of foreign special services and is caused exclusively by the internal problems accumulated in the country.

“The institutional collapse of the American political system is to blame for this, not the Russian special services. Now various players in American politics want to justify themselves by dumping the responsibility on an external enemy,” the analyst believes.

He noted that such accusations are extremely dangerous, because they undermine faith in the legitimacy of the American democratic process among US residents.

“By undertaking such actions, the American political system loses its sense of self-preservation, because the more information about Russian, Chinese ‘interference’ appears, the less chances there are for holding legitimate elections and the recognition of their results by all parties involved. It is extremely dangerous, but they do not understand it,” concluded Evstafiev.