Security News > 2022 > September > New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group.
The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson said in a Thursday analysis.
"The Raspberry Robin loaders are DLLs that decode and execute an intermediate loader," Henson said.
IBM Security X-Force's comparative analysis of a 32-bit Raspberry Robin loader and a 64-bit Dridex loader uncovered overlaps in functionality and structure, with both components incorporating similar anti-analysis code and decoding the final payload in an analogous manner.
Dridex is the handiwork of Evil Corp and refers to a banking trojan with capabilities to steal information, deploy additional malware such as ransomware, and enslave compromised Windows machines into a botnet.
To mitigate Raspberry Robin infections, it's recommended that organizations monitor USB device connections and disable the AutoRun feature in the Windows operating system settings.
News URL
https://thehackernews.com/2022/09/new-evidence-links-raspberry-robin.html
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian charged by U.S. for creating RedLine infostealer malware (source)