
The Drovorub hacking tool is designed to break into computers based on the Linux operating system. (illustrative photo)

The U.S. National Security Agency (NSA) and FBI released an advisory on cybersecurity on August 13 warning about previously undisclosed Russian malware.

The malware is a set of hacking tools named “Drovorub,” the agencies said in a news release.

It said a unit within Russia’s GRU military intelligence agency -- the 85th Main Special Service Center (GTsSS), military unit 26165 -- was deploying the malware as part of its cyberespionage operations.

The GTsSS, the agencies said, is associated with the hackers who broke into the Democratic National Committee in the months leading up to the 2016 presidential election.

That group, known as APT28 or “Fancy Bear,” and other Russian hacking groups have been blamed in recent years by multiple Western governments, think tanks, and corporations for carrying out numerous cyberattacks.

The cybersecurity advisory published on August 13 is the latest statement from the U.S. government aimed at publicizing Russian hacking operations ahead of the 2020 U.S. presidential election.

The 45-page advisory is an “extensive, technical analysis on specific threats,” NSA Cybersecurity Director Anne Neuberger said in the news release.

“By deconstructing this capability and providing attribution, analysis, and mitigations, we hope to empower our customers, partners, and allies to take action,” Neuberger said.

The Drovorub hacking tool is designed to break into computers based on the Linux operating system, which is commonly used to run web-based computer servers.

Among the actions that Drovorub enables are file download and upload capabilities, the execution of arbitrary commands, and techniques to evade detection.

The advisory provides guidance to systems administrators and network security specialists so they can defend against the malware. It includes detection strategies, mitigation techniques, configuration recommendations, and other tips to reduce the risk of compromise.

The U.S. Justice Department has filed a civil complaint that accuses Ukrainian billionaires Ihor Kolomoyskiy (above) and Hennadiy Boholyubov of laundering hundreds of millions of dollars from a Kyiv-based bank.

WASHINGTON -- Five American companies owned by Ukrainian tycoons who are accused of laundering money and using the misappropriated funds to help buy U.S. assets were approved for as much as $13.3 million in loans through a federal program aimed at saving jobs during the pandemic, according to U.S. government records.

CC Metals & Alloys, Felman Production, Felman Trading Americas, Optima Management Group, and Optima 777 were among the more than 600,000 U.S. businesses approved for loans of $150,000 or more under the federal government's Paycheck Protection Program, commonly called the PPP, Treasury Department records show.

The U.S. Justice Department filed a civil complaint on August 6 that accuses Ukrainian billionaires Ihor Kolomoyskiy and Hennadiy Boholyubov of laundering hundreds of millions of dollars from a Kyiv-based bank and using the misappropriated funds to help purchase assets in the United States, including alloy and steel plants as well as real estate.

The two men control CC Metals & Alloys, Felman Production, Felman Trading Americas, Optima Management Group, and Optima 777 with their U.S. associates, Uriel Laber and Mordechai Korf, according to the Justice Department’s lawsuit.

At least four of the companies are formally run by Laber and Korf from their headquarters on the penthouse floor of a Miami skyscraper.

The FBI on August 4 raided their Miami office as well as Optima Management Group’s office in Cleveland, Ohio, where they own three commercial buildings. The FBI has not charged anyone with a crime; its investigation is continuing.

Kolomoyskiy denies the laundering accusation, saying the money he and his partner used to purchase the U.S. assets came from their sale of Ukrainian steel assets to a Russian company for about $2 billion. The sale was completed in 2008.

Laber and Korf, through their lawyer, also deny the charges, saying they are part of a politically motivated attack against Kolomoyskiy and Boholyubov, whose relations with then-Ukrainian President Petro Poroshenko began to sour in 2015.

Kolomoyskiy fled Ukraine in 2017, months after PrivatBank, his main funding vehicle and the largest commercial bank in Ukraine, was nationalized over a $5.5 billion hole caused by what banking regulators said was reckless lending to entities connected to him and Boholyubov.

He returned to Ukraine in May 2019, after Volodymyr Zelenskiy, a comic and television star who ran for president with the informal backing of the tycoon’s media firm, beat Poroshenko in a presidential runoff election.

CC Metals & Alloys, a Kentucky-based producer of ferrosilicon alloys used in the manufacturing of iron and steel, was approved for a PPP loan on April 14 of between $2 million and $5 million to help support 145 jobs, according to the data.

CC Metals & Alloys shut down temporarily due to the coronavirus pandemic on July 1, according to a company press release.

Felman Production, a West Virginia-based producer of silicon manganese, which is also used in steel production, was approved for a loan of between $1 million and $2 million to help support nearly 100 jobs. The Ukrainian tycoons and their U.S. partners have invested tens of millions of dollars into Felman Production since purchasing it out of bankruptcy in 2006. Through their lawyer, Korf and Laber say their investments have helped revive “depressed” U.S. industrial assets.

Hennadiy Boholyubov

Felman Trading Americas, a ferroalloys trading company that the Justice Department said was set up by Korf and Laber to hide the tycoons’ ownership, was approved for a loan of between $350,000 and $1 million.

Optima Management Group, which managed the tycoons' U.S. commercial real estate, was approved for a loan of between $150,000 and $300,000.

Finally, Optima 777, which owns the Westin Hotel in Cleveland, was approved for a loan of between $2 million and $5 million to support 240 jobs.

Sage Hospitality Group, a Denver-based hotel manager, owns a minority stake in the Westin, its spokeswoman Kelly Bajorek told RFE/RL. Bloomberg News in July reported that Optima 777 was approved for a PPP loan.

A spokesman for Korf and Laber declined to say how much of the $13.3 million in approved loans their companies received.

The low-interest PPP loans are designed to keep employees on the payroll during the pandemic.

The PPP program has not avoided controversy. Some well-connected or well-funded businesses were approved for loans.

Korf had hired some of his relatives at the firms he ran for the tycoons, including his nephew, Menachem Sossonko, who had been employed at Felman Trading. The spokesman for Korf declined to say whether Sossonko was still employed.

Korf and Laber are also listed as managing members of Transenergy USA, a Texas-based trucking company for the energy industry.

Transenergy was approved for a PPP loan in May of between $350,000 and $1 million to help support 200 jobs.
