Security News > 2024 > February > Raspberry Robin devs are buying exploits for faster attacks
Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks.
An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to the group - most likely the latter.
In 2022, Raspberry Robin added exploits for vulnerabilities that were up to 12 months old, such as CVE-2021-1732, but this has quickly switched to those less than a month old, like CVE-2023-36802.
"Raspberry Robin continues to use different exploits for vulnerabilities either before or only a short time after they were publicly disclosed," said CPR. "Those one-day exploits were not publicly disclosed at the time of their use. An exploit for one of the vulnerabilities, CVE-2023-36802, was also used in the wild as a zero-day and was sold on the dark web."
"After looking at samples of Raspberry Robin prior to October, we found that it also used an exploit for CVE-2023-29360," said CPR. "This vulnerability was publicly disclosed in June and was used by Raspberry Robin in August. Even though this is a pretty easy vulnerability to exploit, the fact that the exploit writer had a working sample before there was a known exploit in GitHub is impressive as is how quickly Raspberry Robin used it."
"If the Raspberry Robin authors were the developers of the exploits, then they would have probably used the exploits in the main component itself," said CPR. "In addition, the exploits would be packed in the same way and have the same format as the different stages of the main component."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/02/08/raspberry_robin_bought_exploits/
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-36802 | Use After Free vulnerability in Microsoft products Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 0.0 |
| 2023-06-14 | CVE-2023-29360 | Unspecified vulnerability in Microsoft products Microsoft Streaming Service Elevation of Privilege Vulnerability | 0.0 |
| 2021-02-25 | CVE-2021-1732 | Out-of-bounds Write vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 0.0 |