Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022.
Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious .LNK files to other devices in the target network.
"The use of a RaaS payload by the 'EvilCorp' activity group is likely an attempt by DEV-0243 to avoid attribution to their group, which could discourage payment due to their sanctioned status," Microsoft said.
Katie Nickels, director of intelligence at Red Canary, said in a statement shared with The Hacker News that the findings, if proven to be correct, fill a "major gap" with Raspberry Robin's modus operandi.
"We continue to see Raspberry Robin activity, but we have not been able to associate it with any specific person, company, entity, or country," Nickels said.
"Ultimately, it's too early to say if Evil Corp is responsible for, or associated with, Raspberry Robin. The Ransomware-as-a-Service ecosystem is a complex one, where different criminal groups partner with one another to achieve a variety of objectives. As a result, it can be difficult to untangle the relationships between malware families and observed activity."
News URL
https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html