Share this page!

CyberWatchers Profile picture
Twitter logo
Jan 17 7 tweets 2 min read
We tweeted in July about the development of a variant to the malware project Drovorub-A1 by Russian tech company AST (АСТ).
Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux.
#APT28 #GRU #FANCYBEAR
US agencies warned of the threat posed in a 45-page security alert released in August 2020 and companies such as Schneider Electric offered mitigation to customers in advance of fixes to their operating systems.
media.defense.gov/2020/Aug/13/20…
According to Moor Insight and Strategy, a leading global technology analyst, there have been no published attacks from the malware and the released security report probably massively affected its operational effectiveness.
Apparently, the variant project, Drovorub-A1-PM, was due to begin in September 2018, but was delayed for several months due to bureaucratic incompetence. Completion was eventually expected in November 2021, however the 5-phase project had been beset with delays.
Over 3 years of development, the project has cost 54.7 million rubles (approx 900,000 USD). Given that AST also received 20 million rubles as part of the INCONTROLLER project development, it seems that AST has not provided much value for money to the GRU.
@threadreaderapp unroll

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with CyberWatchers

CyberWatchers Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @cyber_watchers

CyberWatchers Profile picture
Oct 4, 2022
We have become aware of a large #ICS/#SCADA malware project apparently conducted under a state contract on behalf of the Russian General Staff Main Intelligence Directorate (#GRU), Main Centre for Special Technologies (#GTsST), military unit 74455.
This military unit also known as #Sandworm is located at the GRU Ulitsa Kirova facility in the Khimki suburb of Moscow. In the past Sandworm has targeted ICS/SCADA, one of the most renowned being the #INDUSTROYER2 hacking attempt of a Ukrainian electrical substation in April 22.
The ongoing project is to cost more than 100 million rubles across three phases and undertaken by several technical defense contractors.
Read 5 tweets
CyberWatchers Profile picture
Jul 14, 2022
If the Russian Intelligence Services work with other companies, which ones? According to the US, one company working with the FSB, GRU and SVR is Advanced System Technologies (AST).
According to the US Treasury press release of April 15 21 (home.treasury.gov/news/press-rel…) AST is a "Russian IT security firm whose clients include Russian Ministry of Defense, SVR and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU and SVR."
Some additional background information on the company is available on the TADVISER website, a Russian business knowledge base, including information on the largest 100 IT companies in Russia.
Read 14 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(