Microsoft links Raspberry Robin malware to Evil Corp attacks



Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.


"On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections," Microsoft revealed Thursday.


"The DEV-0206-associated FakeUpdates activity on affected systems has since led to follow-on actions resembling DEV-0243 pre-ransomware behavior."


According to a threat intelligence advisory shared with enterprise customers, Microsoft has found Raspberry Robin malware on the networks of hundreds of organizations from a wide range of industry sectors.



First spotted in September 2021 by Red Canary intelligence analysts, Raspberry Robin spreads via infected USB devices to other devices on a target's network once deployed on a compromised system.


Redmond's findings match those of Red Canary's Detection Engineering team, which also detected it on the networks of customers in the technology and manufacturing sectors.


This is the first time security researchers have found evidence of how the threat actors behind Raspberry Robin plan to exploit the access they gained to their victims' networks using this worm.



DEV-0206 to Evil Corp handover (Microsoft)

Evil Corp, ransomware, and sanctions evasion


Evil Corp, the cybercrime group that seems to take advantage of Raspberry Robin's access to ente ..
