Microsoft: Raspberry Robin worm key facilitator of LockBit, Cl0p ransomware

October 28, 2022


Microsoft has published its investigation into Raspberry Robin, finding considerable links between the worm and major ransomware campaigns, as well as its key role in a wider malware ecosystem.

The current leading ransomware campaign, LockBit, has been shown to be in part facilitated by the Raspberry Robin worm, and the now-shuttered Cl0p ransomware, another of the most prolific campaigns of 2021 and 2022, also used it to deploy payloads.


Researchers observed devices infected with Raspberry Robin being installed with the FakeUpdates malware in July 2022, leading to activity attributed to the threat actor tracked as DEV-0243, a ransomware-linked group whose actions overlap with those of the group tracked as EvilCorp by other security researchers.

Raspberry Robin-infected devices were first seen deploying LockBit ransomware payloads in November 2021, and the worm has since been observed dropping samples of malware including IcedID, Bumblebee, and Truebot.

Additionally, in October 2022 Microsoft observed Raspberry Robin being used in post-compromise activity attributed to another actor, DEV-0950. The widely abused Cobalt Strike penetration testing tool was dropped on victims following a Raspberry Robin infection, and this ultimately also led to the deployment of Cl0p ransomware.

“DEV-0950 usually uses phishing to acquire the majority of their victims, so this notable shift to using Raspberry Robin enables them to deliver payloads to existing infections and move their campaigns more quickly to ransomware stages,” said Microsoft.

Microsoft’s data indicated that nearly 3,000 devices in almost 1,000 organisations have seen at least one Raspberry Robin payload-related alert in the last 30 days.

Raspberry Robin was publicly disclosed in May 2022 by security firm Red Canary, which described it as a widely distributed worm. Since then, it has evolved into one of the largest malware distribution platforms currently active, Microsoft said.

Microsoft also said it is possible that the actors behind the Raspberry Robin-related malware campaigns are paying the worm’s operators to install malware that could lead to further attacks.

“Raspberry Robin’s infection chain is a complicated and convoluted map of multiple infection points that can lead to many different outcomes, even in scenarios where two hosts are infected simultaneously,” said Microsoft.

“There are numerous components involved; differentiating them could be challenging as the attackers behind the threat have gone to extreme lengths to protect the malware at each stage with complex loading mechanisms. These attackers also hand off to other actors for some of the more impactful attack stages, such as ransomware deployment.”

Microsoft also said it is currently aware of and tracking at least four entry vectors used by Raspberry Robin to infect victim devices, vectors that were linked to hands-on-keyboard activity from threat actors. The end goal of these actions was most likely the deployment of ransomware, it added.

The tech giant underlined that building a robust security and detection strategy and investing in credential hygiene, least privilege, and network segmentation are key to limiting the impact of these complex threats.


Some parts of this report are sourced from:
www.itpro.co.uk
