On Thursday 28 July 2022, Microsoft researchers revealed that an access broker they have been tracking (DEV-0206) has been observed using the Raspberry Robin Windows worm to deploy a malware downloader on networks, as well as showing signs of Evil Corp pre-ransomware deployment tactics.
According to Microsoft’s threat intelligence advisory, Raspberry Robin malware has been found on the networks of hundreds of organisations across a wide range of sectors. Based on the advisory, it appears that Evil Corp has taken advantage of Raspberry Robin’s access to enterprise networks.
The Raspberry Robin malware was first observed in September 2021 by Red Canary intelligence analysts. Once deployed on a compromised system, it was observed spreading via infected USB devices to other devices on the target’s network.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.