The Cyber Security News

Raspberry Robin Worm Actors Linked to Clop, LockBit Ransomware Groups

October 28, 2022

The threat actors behind the Raspberry Robin worm have been linked to a complex and interconnected malware ecosystem comprising the Clop and LockBit ransomware groups.

The findings come from Microsoft, which said the worm had alternate infection methods beyond its original USB drive spread.

“These infections lead to follow-on hands-on-keyboard attacks and human-operated ransomware activity,” Microsoft wrote in an advisory posted on Thursday.

According to the security experts, Raspberry Robin (first spotted by Red Canary in May 2022) has evolved from being a widely distributed worm with no observed post-infection actions to one of the largest malware distribution platforms currently active.

“In July 2022, Microsoft security researchers observed devices infected with Raspberry Robin being installed with the FakeUpdates malware, which led to DEV-0243 activity,” the company wrote, referring to a ransomware-associated threat actor with links to EvilCorp, also believed to have deployed the LockBit ransomware in some campaigns.

Fast forward to October 2022, Microsoft said it observed Raspberry Robin being used in post-compromise activity attributed to a different actor, DEV-0950.

“From a Raspberry Robin infection, the DEV-0950 activity led to Cobalt Strike hands-on-keyboard compromises, in some cases with a Truebot infection observed in between the Raspberry Robin and Cobalt Strike stage,” Microsoft stated. “The activity culminated in deployments of the Clop ransomware.”

The technology giant also added that, given the interconnected nature of the cyber-criminal economy, the actors behind these Raspberry Robin-related malware campaigns could be paying the Raspberry Robin operators for malware installs.

“Raspberry Robin’s infection chain is a confusing and complex map of multiple infection points that can lead to many different outcomes, even in scenarios where two hosts are infected simultaneously.”

Microsoft said it believes Raspberry Robin will likely continue to develop and lead to more malware distribution and cyber-criminal activity group relationships as its install footprint grows.

To help companies defend against this threat, the company has included detection details and indicators of compromise (IoC) in the advisory.

Its publication comes days after a report by SonicWall suggested a shift in ransomware threats away from the US and toward EMEA and APAC.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
