Raspberry Robins Cyber Worm Infects Thousands of Endpoints

Published: 23/11/2024   Category: security



The malware is being used to deliver Clop ransomware, in a vicious spate of October attacks that show an evolution in its methods.



The Raspberry Robin cyber-worm operation has infected nearly 3,000 devices in almost 1,000 organizations in the last 30 days, according to Microsoft telemetry — and the threat seems to be molting into something new.
Raspberry Robin was initially spotted back in May, infecting targets via infected USB drives and worming to other endpoints — but then remaining dormant. That changed in July, when Microsoft security researchers saw Raspberry Robin importing the FakeUpdates malware to devices where it was nesting. Further exploration of the activity revealed some infrastructure overlaps with the infamous Dridex Trojan and the Evil Corp (aka DEV-0243) ransomware gang.
Since then, Raspberry Robin has also started deploying IcedID, Bumblebee, and Truebot, according to a Microsoft update on Oct. 27, with researchers uncovering a notable spate of attacks in October that have resulted in Clop ransomware infections. The threat has also taken flight beyond its initial USB access vector, researchers noted, and is now capable of using at least four different methods for gaining purchase on devices.
The computing giant attributes the post-compromise Clop activity to a group it tracks as DEV-0950 -- aka FIN11 or TA505 -- indicating that Raspberry Robin is establishing itself in the wider cybercrime economy.
DEV-0950 traditionally uses phishing to acquire the majority of their victims, so this notable shift to using Raspberry Robin enables them to deliver payloads to existing infections and move their campaigns more quickly to ransomware stages, Microsoft researchers noted.
They added, "Given the interconnected nature of the cybercriminal economy, it's possible that the actors behind these Raspberry Robin-related malware campaigns — usually distributed through other means like malicious ads or email — are paying the Raspberry Robin operators for malware installs."
