Portland, Arrest Them? Okay, 74 Face Federal Charges

This is significant as these are Federal charges and not under the authority of liberal District Attorneys. However, there is movement by the Portland Police.

Portland police are cracking down on nightly demonstrations and ramping up enforcement since federal forces scaled back their presence in downtown.

City officers have made 217 arrests at protests since Aug. 1, nearly three times the 77 they made in all of July, according to figures released by the Portland Police Bureau and reviewed by The Oregonian/OregonLive.

About half of those occurred in the last week, when police declared riots five out of seven nights. Officers arrested more than 20 people on each of three of those nights. More here.

Read on and give a hat tip to the FBI, the US Marshals Service, ATF and HSI.

FOR IMMEDIATE RELEASE
Thursday, August 27, 2020

74 People Facing Federal Charges for Crimes Committed During Portland Demonstrations

Charges include assaulting federal officers, arson, failing to obey lawful orders, and damaging federal property

U.S. Attorney Billy J. Williams announced today that 74 people are facing federal charges for crimes committed adjacent to or under the guise of peaceful demonstrations in Portland since at least May 29, 2020.

For more than 90 consecutive nights, Portland has been home to large demonstrations and protests against police use of force and anti-Black racism. On many nights, after peaceful demonstrations end, various public and private buildings have been the target of vandalism and destruction. Local, state, and federal law enforcement working to protect these buildings and ensure the safety of peaceful demonstrators have been subjected to threats and assaults from violent agitators while performing their duties.

“Violent agitators have hijacked any semblance of First Amendment protected activity, engaging in violent criminal acts and destruction of public safety,” said U.S. Attorney Williams. “The U.S. Attorney’s Office and our federal law enforcement partners are expeditiously working with local and state law enforcement to identify, arrest, and prosecute these individuals that are disrupting the rule of law in our communities and physically attacking our law enforcement officers and destroying property. Violent agitators not only delay real reform, but make our community less safe by keeping law enforcement from responding to other critical calls for service.”

“While the FBI supports and safeguards Constitutionally-protected activity and civil rights, there is no permit for assault, arson or property damage and these are not victimless crimes,” said Renn Cannon, Special Agent in Charge of the FBI in Oregon. “Among the victims of violent crime are business owners, residents and individuals exercising their First Amendment rights through protests or other legitimate forms of expression.”

“The nightly violence has to stop,” said Russel Burger, U.S. Marshal for the District of Oregon. “It is drowning out the voices of the many who are calling for change, and pulling police resources away from their primary mission of keeping this community safe. We must all come together to find a productive way to move forward.”

“As the nation’s primary source for fire investigative knowledge, ATF remains committed to investigating those responsible for committing arsons in our communities and holding them responsible for their illegal actions,” said ATF Special Agent in Charge Jonathan McPherson. “As a reminder, there is a mandatory minimum sentence of five years for arson. ATF takes these violent actions seriously and will work diligently to bring justice to the victims.”

“It is vitally important that all Americans have the ability to exercise their first amendment rights to freedom of speech,” said Acting Special Agent in Charge of Homeland Security Investigations Seattle Eben Roberts. “Unfortunately, much of what we’re seeing in Portland is the antithesis of that. Instead tragic events are being used as excuses for individuals with ill intent disguising themselves as activists to commit violent crimes against their communities and law enforcement officers. Progress can only be made if community leaders, law enforcement and the public come together in the name of social change, justice and peace.”

Since May 26, 2020, federal law enforcement authorities have arrested 100 people for crimes committed during local demonstrations. Seventy-four face federal charges, including felonies, misdemeanors, and citation violations. Crimes include assaults on federal officers, some resulting in serious injuries; arson and attempted arson; damaging federal government property; failing to obey lawful orders; and unlawful use of a drone; among others.

Charged defendants include:

  • Edward Carubis, 24, is charged with assaulting a federal officer on July 1, 2020;
  • Rowan Olsen, 19, is charged (photos available) with creating a hazard on federal property, disorderly conduct, and failing to obey a lawful order on July 2, 2020;
  • Shant Singh Ahuja, 28, of Oceanside, California, is charged with destruction of federal property on July 4, 2020;
  • Gretchen Blank, 29, of Seattle, Washington, is charged (photos available) with assaulting a federal officer on July 5, 2020;
  • Andrew Faulkner, 24, is charged with assaulting a federal officer on July 5, 2020;
  • Christopher Fellini, 31, is charged (photos available) with assaulting a federal officer on July 5, 2020;
  • Theodore Matthee-O’Brien, 21, is charged with assaulting a federal officer on July 5, 2020;
  • Cody Porter, 28, is charged with assaulting a federal officer on July 5, 2020;
  • Taimane Teo, 24, of Eugene, Oregon, is charged with assaulting a federal officer on July 5, 2020;
  • Benjamin Wood-Pavich, 21, is charged with assaulting a federal officer on July 5, 2020;
  • Jacob Gaines, 23, a Texas resident, is charged (photos available) with assaulting a federal officer on July 11, 2020;
  • Lillith Grin, 22, is charged with assaulting a federal officer on July 12, 2020;
  • Benjamin Bolen, 36, is charged with assaulting a federal officer on July 13, 2020;
  • Kevin Weier, 36, is charged with attempted arson on July 13, 2020;
  • Wyatt Ash-Milby, 18, is charged with failing to obey a lawful order on July 21, 2020;
  • Jerusalem Callahan, 24, is charged with damaging government property on July 21, 2020;
  • Zachary Duffly, 45, is charged with creating a disturbance on July 21, 2020;
  • Caleb Ehlers, 23, is charged with failing to obey a lawful order on July 21, 2020;
  • Paul Furst, 22, is charged with failing to obey a lawful order on July 21, 2020;
  • Jennifer Kristiansen, 38, is charged with assaulting a federal officer on July 21, 2020;
  • Ella Miller, 26, is charged with failing to obey a lawful order on July 21, 2020;
  • Marie Sager, 27, is charged with failing to obey a lawful order on July 21, 2020;
  • Giovanni Bondurant, 19, is charged with assaulting a federal officer on July 22, 2020;
  • Bailey Dreibelbis, 22, is charged with failing to obey a lawful order on July 21, 2020;
  • Gabriel Huston, 22, is charged with assaulting a federal officer on July 22, 2020;
  • Joseph Lagalo, 37, is charged with failing to obey a lawful order on July 22, 2020;
  • Taylor Lemons, 32, is charged with assaulting a federal officer on July 22, 2020;
  • Joseph Ybarra, 21, is charged with arson on July 22, 2020;
  • David Hazan, 24, is charged with failing to obey a lawful order on July 23, 2020;
  • Nicholas Kloiber, 26, is charged with failing to obey a lawful order on July 23, 2020;
  • Cameron Knutson, 28, is charged with failing to obey a lawful order on July 23, 2020;
  • Carly Ballard, 34, is charged with assaulting a federal officer on July 24, 2020;
  • David Bouchard, 36, is charged with assaulting a federal officer on July 24, 2020;
  • Dakota Eastman, 30, is charged with failing to obey a lawful order on July 24, 2020;
  • Josslynn Kreutz, 28, is charged with failing to obey a lawful order on July 24, 2020;
  • Ezra Meyers, 18, is charged with failing to obey a lawful order on July 24, 2020;
  • Mark Rolycanov, 28, is charged with failing to obey a lawful order on July 24, 2020;
  • Pablo Avvocato, 26, is charged with assaulting a federal officer on July 25, 2020;
  • Douglas Dean, 34, is charged with assaulting a federal officer on July 25, 2020;
  • Rebecca Mota Gonzales, 37, is charged with assaulting a federal officer on July 25, 2020;
  • Thomas Johnson, 33, is charged with assaulting a federal officer on July 25, 2020;
  • Richard Lindstedt, 33, is charged with violating national defense airspace on July 25, 2020;
  • Nathan Onderdonk-Snow, 21, is charged with assaulting a federal officer on July 25, 2020;
  • Stephen O’Donnell, 65, is charged with assaulting a federal officer on July 25, 2020;
  • Joshua Webb, 22, is charged with assaulting a federal officer on July 25, 2020;
  • Jeffree Cary, 30, is charged with assaulting a federal officer on July 26, 2020;
  • John Tyler Gabriel, 22, is charged with assaulting a federal officer on July 26, 2020;
  • Noelle Mandolfo, 30, is charged with assaulting a federal officer on July 26, 2020;
  • Patrick Stafford, 35, is charged with assaulting a federal officer on July 26, 2020;
  • Travis Williams, 27, is charged with assaulting a federal officer on July 26, 2020;
  • Caleb Wills, 29, is charged with assaulting a federal officer on July 26, 2020;
  • Brodie Storey, 28, is charged with assaulting a federal officer on July 27, 2020;
  • Edward Schinzing, 32, is charged (photos available) with arson on July 28, 2020;
  • James Hickerson, 54, is charged with failing to obey a lawful order on July 28, 2020;
  • Ian Wolf, 26, is charged with failing to obey a lawful order and creating a hazard on federal property on July 28, 2020;
  • Sabastian Dubar, 23, is charged with assaulting a federal officer on July 29, 2020;
  • Jordan Johnson, 32, is charged with assaulting a federal officer on July 29, 2020;
  • Evan Kriechbaum, 31, is charged with assaulting a federal officer on July 29, 2020;
  • Christine Margaux, 28, is charged with assaulting a federal officer on July 29, 2020;
  • Gabriel Agard-Berryhill, 18, is charged (video available) with arson on July 30, 2020;
  • Isaiah Maza, 18, is charged (photos available) with assaulting a federal officer on July 31, 2020;
  • Dakotah Horton, 24, is charged (photos available) with assaulting a federal officer on August 17, 2020; and
  • Dakota Means, 20, is charged with assaulting a federal officer on August 24, 2020.

Eleven others have been issued citation violations. All defendants, unless noted, are presumed to be local residents.

Several of the charges being used to prosecute violent agitators carry significant maximum prison sentences. For example, felony assault of a federal officer with a dangerous weapon is punishable by up to 20 years in prison. Arson is punishable by up to 20 years in prison with a mandatory minimum sentence of five years.

It is important to note that while some federal charges require crimes be committed on federal property, others do not. Violent acts committed throughout the city of Portland under the guise of peaceful protest are being evaluated by local federal prosecutors for prosecution.

These cases are being investigated by the FBI; U.S. Marshals Service; Bureau of Alcohol, Tobacco, Firearms, and Explosives; U.S. Immigration and Customs Enforcement’s Homeland Security Investigations; and Federal Protective Service. They are being prosecuted by the U.S. Attorney’s Office for the District of Oregon.

Indictments, complaints, and informations are only accusations of a crime, and defendants are presumed innocent unless and until proven guilty.

To help identify actors who are actively instigating violence in the city of Portland, the FBI is accepting tips and digital media depicting violent encounters during demonstrations. If you have witnessed unlawful violent actions, we urge you to submit any information, photos, or videos that could be relevant to investigations at fbi.gov/PDViolence.

Specifically, the FBI is assisting partner agencies by asking for the public’s help in identifying individuals who participated in or may have been a witness to criminal activity at the following locations:

  • Near or inside the Multnomah County Justice Center in downtown Portland on the night of May 29, 2020 or into the morning of May 30, 2020. Details here: Justice Center
  • Near the Chase Bank branch located at 811 SW 6th Avenue, Portland, Oregon, shortly before 1 a.m. on May 30, 2020. Details here: Chase Bank

Tips can be submitted by calling 1-800-CALL-FBI (1-800-225-5324) or (503) 224-4181. They can also be submitted online by visiting: tips.fbi.gov.

AG Barr on Operation LeGend Successes

Attorney General William Barr announced Wednesday that there have been nearly 1,500 arrests across eight U.S. cities thus far under the “Operation Legend” law enforcement initiative launched roughly six weeks ago. These are Federal charges only. Investigations and cases dealing with state charges or violations of law are turned over to the local District Attorneys for prosecution(s).


Federal officers involved in Operation Legend, a Justice Department initiative to assist cities plagued by violent crime, have made more than 1,000 arrests across the country, Attorney General William Barr said Wednesday.

Of those arrests, more than 200 defendants have been charged with federal crimes, including 90 murder suspects, and nearly 400 guns have been taken off the streets, Mr. Barr said, speaking with reporters in Kansas City, Missouri.

“Operation Legend is the heart of the federal government’s response to this uptick in violent crime,” he said. “Its mission is to save lives, solve crimes and take violent offenders off our streets before they can claim more victims.

“Rather than demonizing or defunding police, we are supporting and strengthening our law enforcement partners at the state and local level.”

Operation Legend is named after 4-year-old LeGend Taliferro, who was shot and killed in Kansas City while he was sleeping. The operation started in that city earlier this month.

Cities that are part of Operation Legend will receive increased resources from the FBI, U.S. Marshals Service, Drug Enforcement Administration and Bureau of Alcohol, Tobacco, Firearms and Explosives to reduce violent crime, with a focus on gun violence. More than 1,000 additional agents have been sent to the nine cities. The program also has allocated $78.5 million in grants to fund additional police positions, more prosecutors and improve technology to solve gun crimes.

A total of 61 defendants in Chicago have been charged with federal crimes. In Albuquerque, 16 individuals face federal charges, 32 in Cleveland, 22 in Detroit, 11 in Milwaukee, 15 in St. Louis and seven in Memphis, Tennessee.

Indianapolis was not included in the totals because that program began only last week.

Federal charges include illegal possession of a firearm, distribution of narcotics, carjacking, and bank robbery.

***

Barr has noted that Operation Legend, however, is separate from those deployments in response to unrest and that the dozens of investigators being dispatched to the cities are instead more focused on assisting federal and state authorities with probing violent crimes.

“There has been a lot of confusion in the media, some of it not unintentional, conflating two different aspects of law enforcement,” Barr said. “One is dealing with civil unrest, rioting, and the other is the classical traditional work that law enforcement does.”

During the news conference, Barr addressed the recent uptick of violent crime across several parts of the country, at one point saying, without providing evidence, that he believed it might be a result of a combination between “pent up aggression” to state and local quarantine orders, the “premature release of dangerous criminals by the courts” during the COVID-19 pandemic and the “Defund the Police” movement.

Barr added that he expected there will be an increase in the national violent crime rate this year after it saw decreases for the last two years.

Now they Want a Trump Crimes Commission

Yup, both Congressman Eric Swalwell and Joy Reid of MSNBC are calling for a post Trump presidency Crimes Commission. Be careful what you ask for considering the work being done by AG Barr, John Durham and John Bash, not to mention the work of Senators Graham and Johnson. Timing is everything in Washington DC….lots to still be revealed. This comes on the heels of the Senate Intelligence (bi-partisan) report on Russia and the Trump campaign. Betcha, as Joy Reid refers to it, she hardly read it at all.

You gotta wonder if Reid or Swalwell have even considered ALL the crimes of the Obama administration or just a few of the Biden family clan….those from say Iraq or Ukraine or China.

How about this –>

The “U.S.-China Strong” group was founded to continue two Obama-era initiatives known as “100,000 Strong” and “1,000,000 Strong,” both of which sought to increase the number of Americans studying in China and introduce China-focused curricula into American schools.

The programs were promoted by the Obama-Biden administration despite valid concerns over Chinese Communist Party (CCP) sanctioned espionage, intellectual property theft, and propaganda.

Repeatedly praised by then-Vice President Biden, the initiative is no longer able to tap into U.S. tax dollars and now collaborates with a host of CCP-linked – and in some cases wholly-owned – entities including the Bank of China and Confucius Institutes. More here.


But read on…

The Blaze reports: MSNBC host Joy Reid floated the idea of a potential future Biden administration establishing a “Trump Crimes Commission” to investigate President Donald Trump’s actions while in office — and perhaps even during his campaign, Mediaite reported.

Such a move would be unprecedented in American politics, as it is a longstanding norm that successors do not use their authority to investigate former political opponents.

Reid, an outspoken Trump critic, made the suggestion Tuesday night while discussing the final release of the bipartisan Senate report on Russian interference in the 2016 election with former Obama deputy national security adviser Ben Rhodes.

“It strikes me in just reading through this that Paul Manafort did to the United States what he had previously done to Ukraine,” Reid said. “He had messed with their elections in the past in order to put a [Russian President Vladimir] Putin puppet in charge. And now you have a president who is ruminating apparently on meeting with Vladimir Putin in New York, has talked about putting him back in the G7, and seems to be doing everything — you know, if there was a Christmas list that Vladimir Putin would have put together, it couldn’t have gotten any better than what Donald Trump is doing.

Reid is not the first to float such an idea. Journalist Andrew Feinberg and MSNBC legal analyst Glenn Kirschner have also called for a crimes commission to be empaneled, along with Democratic Rep. Eric Swalwell of California.

**

Rhodes, in response to Reid’s prompting, essentially agreed with the proposition but with a few caveats about how it would look and how it should be executed.

“There is no question in my mind, Joy, that there has to be an accountability process if Joe Biden wins, to protect the integrity of our democracy,” he said. “It’s not about getting revenge. It’s not about going after political opponents. That’s what Donald Trump does. It’s about sending a message that if you collude with, facilitate, coordinate with a foreign adversary and hacking private materials and releasing them that there are going to be consequences.”

He added: “We cannot just say we’re going to turn the page. We have to deal with this as a country. And so I really think it’s essential that we have some accountability process if Joe Biden wins the election.”

N. Korea has 60 Nuclear Bombs, 5000 tons of Chemical Weapons

An Army report has the following information in part regarding North Korea:

A new assessment made by the United States Department of the Army estimates that the North Korean regime is in possession of massive amounts of conventional and non-conventional weapons that they are “highly likely” to use in specific circumstances, according to the Yonhap News Agency.

The assessment was published in a report entitled “North Korean Tactics,” and attributes North Korea’s huge armaments program to a desire to “prevent other countries from contemplating regime change.” Apparently, Kim Jong-un, the North Korean dictator, took note of what happened to his Libyan counterpart Muammar Gaddafi and “does not want something similar to happen” to him. (Gaddafi was killed by rebel Libyan forces, after a multi-national force including NATO countries attacked Libya with the stated goal of imposing an arms embargo, sanctions, and an assets freeze against regime leaders.)

According to the report, North Korea already has between 20 and 60 nuclear bombs and “the capacity to produce six new devices each year.” It also boasts the world’s third-largest stockpile of chemical weapons – between 2,500 and 5,000 tons of various substances – and is engaged in research into biological warfare as well. “Only one kilogram of anthrax could kill up to 50,000 people in Seoul,” the capital of South Korea, the report’s authors note.

Another ongoing source of concern is North Korea’s Cyber Warfare Guidance Unit, which employs over 6,000 computer hackers who “can successfully conduct invasive computer warfare activities from the safety of its own territory.” North Korean operatives are known to already be operating in several foreign countries including Belarus, China, India, Malaysia, and Russia.

Negotiations between the United States and North Korea broke down entirely following an unproductive summit between Kim Jong-un and US President Donald Trump in February, 2019.

Further details in the report to Congress include:

North Korea’s military “uses tactics based on former Soviet or current Russian doctrine, Chinese developments, lessons learned, and observation of recent military actions,” according to a new US Army manual on the subject.

“While North Korea maintains large amounts of military equipment, much of it is outdated making it quantitatively superior to most armies but qualitatively inferior,” the new manual said. See North Korean Tactics, Army Techniques Publication (ATP) 7-100.2, 24 July 2020.

But North Korea has proved resourceful in other areas, including offensive cyber warfare.

“The primary organization responsible for computer warfare in North Korea is Bureau 121, which fielded at least 1,000 elite hackers in 2010 who focused on other countries’ computer systems. This number is likely much higher now” and includes “cyberspace teams [deployed] in foreign countries.”

And not least of all, “The country’s possession of a nuclear arsenal and its pursuit of missile technology are attempts to ensure that external powers do not interfere with its internal affairs for fear of a nuclear reprisal,” the Army manual said.


“North Korea is constantly adapting and evolving its capabilities,” the Army said.

***

Formed in the late 1990s, Bureau 121 is unit 121 of the General Bureau of Reconnaissance in North Korea’s military. (now made up of 6000 hackers)

Part of the unit is sometimes known as the DarkSeoul Gang, according to a report by Reuters.

Despite being one of the poorest countries in the world, North Korea puts a lot of its cash into Bureau 121.

North Korea is still technically at war with South Korea and cyber-warfare is arguably its best weapon. Coming from a defector in 2015, more details were provided to the BBC.

There is an official training school for the younger hacking applicants.

Students are sent to the military school after graduating from Geumseong Middle School in the capital. A report into the cyber threat written by US Major Steve Sin in 2009 revealed Unit 121 had a base in the Chilbosan Hotel, in Shenyang, China, from where it could launch its attacks. The 164-room three-star hotel is jointly owned by the North Koreans and Chinese. More details here.

Hat tip to NSA FBI for Cracking Drovorub

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations.

Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report.

The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU.


While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election.

“Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 U.S. Presidential Election,” the NSA and FBI said in the report.

The U.S. intelligence community has assessed that multiple foreign governments may “seek to compromise our election infrastructure.” It was not clear if the Russian hackers were using Drovorub malware in any ongoing interference efforts related to the 2020 presidential elections.

The NSA and FBI urged national security personnel, including the U.S. Department of Defense, to be on the alert for Drovorub attacks.

“The malware represents a threat because Linux systems are used pervasively throughout National Security Systems, Department of Defense, and the Defense Industrial Base,” the statement said. “All stakeholders should take action as appropriate.”

The announcement comes nearly one year after the NSA stood up a new cybersecurity directorate aimed at sharing more adversary threat intelligence with the public, and in recent weeks the NSA has worked to expose a spate of Russian campaigns, including Russian hackers’ efforts to target coronavirus research.

Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, told CyberScoop the release shows these hackers are not easily deterred.

“Most importantly it demonstrates that FANCY BEAR has more tools and capabilities that are still being identified. This actor didn’t pack up and go home, they still have tricks up their sleeve,” Meyers told CyberScoop, adding that the news should raise alarm bells about Linux security. “Another important take away is that Linux is an area that organizations need to keep in mind from a malware perspective, many have not invested in similar security tools for this platform as they have for user platforms.”

Attacks employing Drovorub may be linked with previous Russian military efforts against connected devices, according to the NSA and the FBI. An APT28 attack that Microsoft security researchers identified last year against devices such as an office printer or a VOIP phone, for instance, was linked with an IP address that has also been used to access the Drovorub command and control IP address, the NSA and FBI said.

In such attacks, the hackers appeared interested in exploiting so-called internet of things devices in order to gain access to broader networks, other insecure accounts, and sensitive data, according to Microsoft.

The joint NSA and FBI release also has the effect of alerting the Russian government that U.S. officials are capable of tracking some of their work. The 780th Military Intelligence Brigade, which currently works with the Pentagon’s offensive cyber arm, Cyber Command, tweeted information out about the malware, and tagged a state-funded media outlet, RT, to flag the news for them.

The Drovorub malware consists of several components, the NSA and the FBI said, including an implant, a kernel module rootkit, a file transfer tool, and an attacker-controlled command and control server.

“When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as ‘root’; and port forwarding of network traffic to other hosts on the network,” the NSA and FBI said.

More detail from ZDNet:

“Technical details released today by the NSA and FBI on APT28’s Drovorub toolset are highly valuable to cyber defenders across the United States.”

To prevent attacks, the agency recommends that US organizations update any Linux system to a version running kernel version 3.7 or later, “in order to take full advantage of kernel signing enforcement,” a security feature that would prevent APT28 hackers from installing Drovorub’s rootkit.

The joint security alert [PDF] contains guidance for running Volatility, probing for file hiding behavior, Snort rules, and Yara rules — all helpful for deploying proper detection measures.
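The mitigation quoted above has two parts a host can be checked for: a kernel at 3.7 or later, and module signature enforcement actually switched on. The script below is an added example, not code from the NSA/FBI advisory or from ZDNet; the function names are hypothetical, and it assumes the usual locations `/boot/config-$(uname -r)` and `/sys/module/module/parameters/sig_enforce`.

```shell
#!/bin/sh
# Added example (not from the advisory): check the two conditions the
# kernel-signing mitigation depends on. Function names are hypothetical.
# Not covered: kernel lockdown under Secure Boot can also enforce signatures.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if a `uname -r` style string is >= MAJOR.MINOR, 1 if it is
# older, 2 if the string cannot be parsed.
kernel_at_least() {
    rel=$1; want_major=$2; want_minor=$3
    case $rel in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${rel%%.*}            # text before the first dot
    rest=${rel#*.}              # text after the first dot
    minor=${rest%%[!0-9]*}      # leading digits of that remainder
    case $major in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -gt "$want_major" ]; then return 0; fi
    if [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]; then
        return 0
    fi
    return 1
}

# module_sig_state CONFIG_FILE RUNTIME_VALUE
# CONFIG_FILE is the kernel build config; RUNTIME_VALUE is the content of
# /sys/module/module/parameters/sig_enforce ("Y", "N", or empty if absent).
# Prints: enforced | signed-not-enforced | unsupported | unknown
module_sig_state() {
    cfg=$1; runtime=$2
    if [ "$runtime" = "Y" ]; then echo enforced; return 0; fi
    if [ ! -r "$cfg" ]; then
        # No build config to read: the parameter only exists when signing
        # support was compiled in, so "N" still tells us something.
        if [ "$runtime" = "N" ]; then echo signed-not-enforced; else echo unknown; fi
        return 0
    fi
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$cfg"; then echo enforced
    elif grep -q '^CONFIG_MODULE_SIG=y' "$cfg"; then echo signed-not-enforced
    else echo unsupported
    fi
}

# assess RELEASE CONFIG_FILE RUNTIME_VALUE -> prints one verdict line
assess() {
    if kernel_at_least "$1" 3 7; then :; else
        echo "FAIL: kernel $1 is older than 3.7 (or unparsable)"
        return 0
    fi
    state=$(module_sig_state "$2" "$3")
    case $state in
        enforced)
            echo "PASS: kernel $1, unsigned modules are rejected" ;;
        signed-not-enforced)
            echo "WARN: kernel $1 supports module signing but does not enforce it" ;;
        *)
            echo "WARN: kernel $1, module signing state is $state" ;;
    esac
}

# Run against the local host.
release=$(uname -r)
runtime=$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null || true)
assess "$release" "/boot/config-$release" "$runtime"
```

A WARN result means the kernel is new enough but would still load an unsigned module, which is the gap the advisory's recommendation is meant to close.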

Some interesting details we gathered from the 45-page-long security alert:

  • The name Drovorub is the name that APT28 uses for the malware, and not one assigned by the NSA or FBI.
  • The name comes from drovo [дрово], which translates to “firewood”, or “wood” and rub [руб], which translates to “to fell”, or “to chop.”
  • The FBI and NSA said they were able to link Drovorub to APT28 after the Russian hackers reused servers across different operations. For example, the two agencies claim Drovorub connected to a C&C server that was previously used for APT28 operations targeting IoT devices in the spring of 2019. The IP address had been previously documented by Microsoft.