“Raspberry Robin worm found in hundreds of networks”, says Microsoft
Microsoft said that a recently spotted Windows worm has been discovered on the networks of hundreds of organizations from various industry sectors.
The malware, Raspberry Robin, spreads through infected USB devices. It was first spotted in September 2021 by Red Canary intelligence analysts.
Sekoia, a cybersecurity organization, had also observed it using QNAP NAS devices as command and control servers in early November. Microsoft, for its part, believes it contains malicious artefacts linked to this worm, created in 2019.
Redmond’s findings align with those of Red Canary’s Detection Engineering team, which also identified this worm on the networks of multiple customers, some of them in the technology and manufacturing sectors.
“Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims’ networks”, a source said, as per BleepingComputer.
Despite this, they could easily escalate their attacks, given that the malware bypasses User Account Control (UAC) on the infected system using legitimate Windows tools.
The security researchers who found Raspberry Robin have yet to attribute the malware to a threat group. They are still working to determine its operator’s end goal.