Microsoft found Rasberry Robin worm to be part of a complex and interconnected malware ecosystem
Microsoft discovered that the Rasberry Robin worm is part of a larger malware ecosystem with links to other malware families and alternate infection methods. Four confirmed entry vendors have been identified, which were linked to hands-on-keyboard by the hackers, while 3,000 devices in almost 1,000 organizations have been affected by the malware in the last 30 days.
Microsoft found that the malware distribution platform, Rasberry Robin worm, is ‘part of a larger malware ecosystem with links to other malware families and alternate infection methods beyond its USB drive spread’. Microsoft Defender for Endpoint data found that approximately 3,000 devices in almost 1,000 organizations have been affected by the malware in the last 30 days. The complexity of the infection chain is so strong that two hosts can be infected simultaneously, Microsoft stated. Evidence shows that multiple components are involved in the attack, making it challenging to differentiate them as hackers have complex mechanisms to protect the malware at each stage. So far, Microsoft has identified at least four confirmed entry vendors linked to hands-on-keyboard by the hackers. Mitigation guidelines for users have been provided by Microsoft to limit the spread of malware.