"Microsoft Links Raspberry Robin Malware to Evil Corp Attacks"

Microsoft discovered that an access broker tracked as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks. Evidence of malicious activity matching Evil Corp tactics was also discovered. Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022. The DEV-0206-related FakeUpdates activity on affected systems was followed by actions resembling DEV-0243 pre-ransomware behavior.

According to a threat intelligence advisory shared with enterprise customers, Microsoft discovered Raspberry Robin malware on the networks of hundreds of organizations from various industry sectors. Once deployed on a compromised system, the worm spreads via infected USB devices to other devices on a target's network. Raspberry Robin was discovered in September 2021 by Red Canary intelligence analysts. Redmond's findings are consistent with those of Red Canary's Detection Engineering team, which discovered the worm on customer networks in the technology and manufacturing sectors.

This is the first time security researchers have discovered evidence of how the threat actors behind Raspberry Robin intend to exploit the access to their victims' networks gained through the use of this worm. Evil Corp, the cybercrime group that appears to take advantage of Raspberry Robin's access to enterprise networks, has been active since 2007 and is known for distributing Dridex malware as well as ransomware. This article continues to discuss the Raspberry Robin Windows worm and its link to Evil Corp.

Bleeping Computer reports "Microsoft Links Raspberry Robin Malware to Evil Corp Attacks"

Submitted by Anonymous on