Security News > 2022 > October > Microsoft links Raspberry Robin worm to Clop ransomware attacks

Microsoft says a threat group tracked as DEV-0950 used Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm.

"Beginning on September 19, 2022, Microsoft identified Raspberry Robin worm infections deploying IcedID and-later at other victims-Bumblebee and TrueBot payloads," Microsoft Security Threat Intelligence analysts said.

"In October 2022, Microsoft researchers observed Raspberry Robin infections followed by Cobalt Strike activity from DEV-0950. This activity, which in some cases included a Truebot infection, eventually deployed the Clop ransomware."

Spotted in September 2021 by Red Canary intelligence analysts, Raspberry Robin spreads to other devices via infected USB devices containing a malicious.

Microsoft said in early July that it detected Raspberry Robin malware infection on the networks of hundreds of organizations from a wide range of industry sectors.

"Microsoft Defender for Endpoint data indicates that nearly 3,000 devices in almost 1,000 organizations have seen at least one Raspberry Robin payload-related alert in the last 30 days," Microsoft added.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/