The Cyber Security News

Raspberry Robin Worm Actors Linked to Clop, LockBit Ransomware Groups

October 28, 2022

The threat actors behind the Raspberry Robin worm have been linked to a sophisticated and interconnected malware ecosystem that includes the Clop and LockBit ransomware groups.

The findings come from Microsoft, which said the worm now has infection methods beyond its original spread via USB drives.

“These infections lead to follow-on hands-on-keyboard attacks and human-operated ransomware activity,” Microsoft wrote in an advisory published on Thursday.

According to the security researchers, Raspberry Robin (first spotted by Red Canary in May 2022) has evolved from a widely distributed worm with no observed post-infection actions into one of the largest malware distribution platforms currently active.

“In July 2022, Microsoft security researchers observed devices infected with Raspberry Robin being installed with the FakeUpdates malware, which led to DEV-0243 activity,” the company wrote, referring to a ransomware-focused threat actor with links to EvilCorp, also believed to have deployed the LockBit ransomware in some campaigns.

Fast forward to October 2022, and Microsoft said it observed Raspberry Robin being used in post-compromise activity attributed to a different actor, DEV-0950.

“From a Raspberry Robin infection, the DEV-0950 activity led to Cobalt Strike hands-on-keyboard compromises, sometimes with a Truebot infection observed in between the Raspberry Robin and Cobalt Strike stage,” Microsoft said. “The activity culminated in deployments of the Clop ransomware.”

The technology giant also added that, given the interconnected nature of the cyber-criminal economy, the actors behind these Raspberry Robin-linked malware campaigns could be paying the Raspberry Robin operators for malware installs.

“Raspberry Robin’s infection chain is a confusing and complicated map of multiple infection points that can lead to many different outcomes, even in scenarios where two hosts are infected simultaneously.”

Microsoft said it believes Raspberry Robin will probably continue to evolve and lead to further malware distribution and cyber-criminal activity group interactions as its installed footprint grows.

To help organizations defend against this threat, the company has included detection details and indicators of compromise (IoCs) in the advisory.

Its publication comes days after a report by SonicWall suggested a shift in ransomware threats away from the US and toward EMEA and APAC.


Some parts of this article are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.