Security News > 2022 > July > Microsoft links Raspberry Robin malware to Evil Corp attacks
Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.
"On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections," Microsoft revealed Thursday.
Evil Corp, the cybercrime group that seems to take advantage of Raspberry Robin's access to enterprise networks, has been active since 2007 and is known for pushing the Dridex malware and for switching to deploying ransomware.
From March 2021, Evil Corp moved to other strains known as Hades ransomware, Macaw Locker, and Phoenix CryptoLocker, finally being observed by Mandiant deploying ransomware as a LockBit affiliate since mid-2022.
After being sanctioned by the U.S. government in 2019, ransomware negotiation firms refused to facilitate ransom payments for organizations hit by Evil Corp ransomware attacks to avoid facing legal action or fines from the U.S. Treasury Department.
Assuming a RaaS affiliate role would also likely allow its operators to expand the gang's ransomware deployment operations and its malware developers with enough free time and resources to develop new ransomware, which is harder to link to Evil Corp's previous operations.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)