Analysts with Microsoft Security Threat Intelligence said victims of the Raspberry Robin malware have been further targeted by threat actors, indicating that the worm's operators have sold access to the compromised systems to other ransomware gangs, reports BleepingComputer.
Microsoft analysts said they detected deployments of IcedID, Bumblebee and TrueBot payloads via Raspberry Robin beginning Sept. 19. Then, in October, a threat group tracked as DEV-0950 was observed using Cobalt Strike on infected systems, followed occasionally by TrueBot infections and eventually deployment of the Clop ransomware.
Earlier, in July, Microsoft analysts also reported Evil Corp pre-ransomware behavior on networks in which Raspberry Robin-infected devices had been loaded with the FakeUpdates backdoor, with the activity attributed to the access broker tracked as DEV-0206.
Red Canary analysts first reported Raspberry Robin in September 2021, and the worm, which spreads through infected USB devices that contain a malicious .LNK file, has now infected systems operated by nearly 1,000 organizations within the last month, according to Microsoft.
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce HyperSOC, a new system built on its Hyperautomation Platform that uses artificial intelligence to automate, manage, and monitor security operations center response, in a bid to bolster the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.
CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.