CIO News Hubb

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers

by admin
July 30, 2022
in Information Security


Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp.

The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022.

Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system to other devices in the target network via infected USB devices containing malicious .LNK files.

The campaign, which was first spotted by Red Canary in September 2021, has been elusive in that no later-stage activity has been documented, nor has there been any concrete link tying it to a known threat actor or group.

The disclosure marks the first evidence of post-exploitation actions carried out by the threat actor upon leveraging the malware to gain initial access to a Windows machine.

“The DEV-0206-associated FakeUpdates activity on affected systems has since led to follow-on actions resembling DEV-0243 pre-ransomware behavior,” Microsoft noted.

Raspberry Robin USB Worm

DEV-0206 is Redmond’s moniker for an initial access broker that deploys a malicious JavaScript framework called FakeUpdates by enticing targets into downloading fake browser updates.

The malware, at its core, acts as a conduit for other campaigns that make use of this access purchased from DEV-0206 to distribute other payloads, primarily Cobalt Strike loaders attributed to DEV-0243, which is also known as Evil Corp.

Also called Gold Drake and Indrik Spider, the financially motivated hacking group has historically operated the Dridex malware and has since switched to deploying a string of ransomware families over the years, including most recently LockBit.

“The use of a RaaS payload by the ‘EvilCorp’ activity group is likely an attempt by DEV-0243 to avoid attribution to their group, which could discourage payment due to their sanctioned status,” Microsoft said.

It’s not immediately clear what exact connections Evil Corp, DEV-0206, and DEV-0243 may have with one another.

Katie Nickels, director of intelligence at Red Canary, said in a statement shared with The Hacker News that the findings, if proven to be correct, fill a “major gap” in the understanding of Raspberry Robin’s modus operandi.

“We continue to see Raspberry Robin activity, but we have not been able to associate it with any specific person, company, entity, or country,” Nickels said.

“Ultimately, it’s too early to say if Evil Corp is responsible for, or associated with, Raspberry Robin. The Ransomware-as-a-Service (RaaS) ecosystem is a complex one, where different criminal groups partner with one another to achieve a variety of objectives. As a result, it can be difficult to untangle the relationships between malware families and observed activity.”
